Bitwarden Desktop on Windows allows the user to enable vault unlock through Windows Hello (under File > Settings > Unlock with Windows Hello). When this is done, a "Biometric master key" is generated and stored locally inside the Windows user credential set. This is done through the "wincred" API, ...
This appears to be a problem with Windows' security model. Not only BW has this problem; 1P has this problem as well, and presumably other password managers that allow such convenience do too. The only way is not to persist the encryption key/password/secret across app restarts.