When the Bitwarden Firefox extension is invoked due to a passkey (WebAuthn) request and the vault is locked, the current dialog requires the user to unlock the vault before proceeding.
In situations where the user intends to authenticate with a hardware-backed passkey (external security key), unlocking the vault is unnecessary and introduces additional friction.
Proposed behavior
If the vault is locked and a passkey request is triggered, the dialog should offer the following options:
Immediately proceed to the external WebAuthn authenticator flow
Not require unlocking the vault
Leave the vault in its locked state
If the hardware passkey attempt fails or is cancelled, the dialog can return to the previous state where unlocking the vault remains available.
Why this would help
This would streamline authentication workflows for users who intentionally prefer hardware authenticators and do not need access to vault contents for the current login.
It also aligns with the expectation that hardware passkeys should work independently of the vault lock state.
Hm. No, I don’t think so. (i.e. it’s not required to unlock the extension)
When the BW browser extension pops up, it doesn’t have to be unlocked for what you describe. Just close the BW extension window, and the OS should continue. (in my case, on Windows, I then get the Windows Hello/Security prompt which allows to choose my hardware security key to continue the passkey login on the site)
PS: And if there are sites, where you always only want to use passkeys from your hardware security key, then you can add those domains to your “Excluded domains” (BW extension: Settings → Notifications → Excluded domains) – because then indeed, when you initiate a passkey login, the extension window doesn’t even come up, but the OS prompt, as you request it here.
PS: FWIW, I changed “Firefox extension” to “browser extension” in your title.
And I have one Passkey for Batllenet in my Gaming Computer and one in Bitwarden for login from other devices. So, excluding the domain would not help me.
When you try this with this forum (given you set up a login-passkey for that) – is that the same behaviour as for battle.net? – I don’t have a battle.net-Account, but this is how it is for me e.g. with the forum (I did that on Vivaldi, but it’s the same on Firefox on my system):
(PS: Only because I also have a passkey for the forum in Windows Hello at the moment, you see that coming up first in the animation – if I hadn’t that passkey stored in Windows Hello, the “Choose your passkey” window would come up directly.)
What Windows version are you using?
Did you set up Windows Hello?
Okay, understood… but then you could also just use the passkey from Bitwarden…
