(The listed release number is for the Bitwarden Server, other version numbers released in this cycle also include Web 2025.8.0, Browser Extension 2025.8.0, Mobile 2025.8.0, Desktop 2025.8.0, and CLI 2025.8.0)
Note
To ensure compatibility with the latest Bitwarden release, please update both your clients and self-hosted server. Keeping your software current in accordance with the Bitwarden software release support policy will help to maintain full compatibility, support, and unlock the latest Bitwarden features.
Admin Console
Remove card item type policy: An enterprise policy was added that allows enterprise organizations to restrict the use of the card item type. Learn more here.
Password Manager
Inline autofillpassword generator improvements: The inline autofill password generator will now immediately offer to save the generated password as a new login item. Learn more about the inline autofill here.
Improved Item view: New improvements to viewing vault items have been added. Updates include favicons and other important information presented at the top of the vault item. Learn more about vault items here.
HTTPS now required on Android: The Android Password Manager app now requires connection to a server using HTTPS. This change will only affect users who are self-hosting a Bitwarden server without a SSL/TLS certificate. Learn more about certificates here.
Unlock with biometrics updates: Security has been improved, requiring the desktop app to first be unlocked with some method other than biometrics, such as PIN or master password, after device restart before biometrics can be used to unlock the extension. Learn more about unlock with biometrics here.
Removed setting for requiring password or PIN on app-start when using biometric unlock. Password or PIN now always required on Windows and Linux, and never required on macOS.
Dependency updates, bug-fixes, and small enhancements
This is a disastrous change to make unannounced. I have a 80-year old mother in law and a 91 year old father who rely on Bitwarden to help reduce their risk of being defrauded (again), but equally rely being able to use Windows Hello to unlock their vault
They struggle to remember any passwords - which is why they were defrauded in the first place (same passwords everywhere). Windows Hello allows them to unlock their Windows desktop app, and from their unlock their browser integration.
Now they can’t. I can drive to my father’s house and set him up with a PIN - which, insecurely, will be the same as the PIN he uses to log into his PC so he has a chance to remember it, but I can’t drive to my mother in law’s house 1000km away to fix her.
Why was this change made? Wasnt the Windows Hello opening of the Bitwarden app secure? Or what happened? Why was this change made? Any way to undo it? Or what is the problem here exactly.
I did read and didnt make out of it the main point…which is…that Windows Hello is no longer supported as a means to open Bitwarden App. Even the thread is about Chrome extension, not Windows Hello or Bitwarden app.
Hey @mmja, the linked PR is in reference to the Desktop app/windows hello. The browser extension biometrics relies on the desktop app.
Removed setting for requiring password or PIN on app-start when using biometric unlock. Password or PIN now always required on Windows and Linux, and never required on macOS.
If truly locked out, as in she does not know her master password, we do have some tips and tricks that may help regain access. If this is a case of you needing to teach a new step in the process, or to make a minor configuration change, you might consider setting up a Zoom meeting where you can take control of her screen.
You really ought to provide emergency sheets for those that you support and keeping a copy with them. This gives them the necessary information so that they can recover from problems, perhaps with a bit of phone support from you, or local support from a smart friend. And, if you know their credentials and truly are supporting them, back up their vaults whenever you backup your own.
is there a vote down feature for this? I mean I understand its being done to enhance security but there are other password managers like 1password who have this feature “use biometrics or windows hello on app restart to unlock the app”. So are you guys saying they (1password and others) are vulnerable on windows? If not then why did bitwarden remove this? Please fix any vulnerabilites and bring it back on. I am sorry if I sound rude but It is too inconvenienit this way having to type the password every time on app restart.
No, only temporarily: I was able to assist her to get logged in, again.
And yes, your suggestion of remote support wasn’t a silly one, but when you are facing elderly users, even getting them to start a pre-installed screen sharing application can be problematic - especially if they haven’t used it recently, and the first thing it wants to do is update, and they get flustered, and close it down “just in case”.
My point still stands: elderly users with desktop PCs in secure environments might be a small subset, but when they have on a windows device their master password and windows hello as the only methods, and you remove one, they are effectively locked out. Removing their way of logging in without warning on upgrade is a very poorly thought out user experience.
So the desktop version updated itself to 2025.8.1. Nice. I guess. But whats new? There is no mention about this in changelogs / release notes. They still talk about 2025.8.0. Or is this a legit update at all or a trojaned version that just got downloaded and installed on my computer?
Second thing:
Is it possible to prevent automatic updates? Just be sure. There does not seem to be a setting for that in the desktop version for Windows 11. Or is there? I cant find.
If you install the portable version of the Desktop app (available from the downloads page), then it will not update automatically. However, unless you are self-hosting, old versions of the Desktop app could become incompatible with the Bitwarden Server software as soon as 3 months after initial release.
@mmja@grb@dwbit I already updated the new versions in the OP here yesterday.
I was confused about the release notes at first - but the desktop app is connected to the “Safari” package and the DDG integration, so it could be about providing the current mitigations from browser extensions 2025.8.1 to those as well.
There are no new “major” Release Notes – so I would assume, those are “hotfixes” / bugfixes within the 2025.8.0 Release. PS: So, no new thread, I would say. Otherwise it gets too crowded with separate releases. IMHO.
Note