This is a request for a setting in the desktop app (e.g. Windows) similar to the setting “Ask for biometrics on launch” contained in the browser extension.
This would mean that when launching the desktop app and it’s locked, it’ll automatically ask for biometrics (e.g. bring up the Windows Hello window in Windows) rather than having to press the “Unlock with Windows Hello” or similar button.
One place where this would be useful is when Bitwarden is linked with Windows Hello. If you choose to log in with a passkey stored in Bitwarden via Windows Hello linking, you just have to enter the biometric credential rather than having to press the “Log in with Windows Hello” or similar button. This would make Bitwarden like other passkey managers (e.g. built into browsers or the operating system) which just ask for the biometrics or other credentials.
Hm, I think in this paragraph you are mixing up two separate things now:
biometric unlock
passkey login
Furthermore, at the moment, there is not yet login with passkey for the desktop app. When it comes, it will only be possible to “replace” using the master password (i.e. “just asking for the biometrics”) with a PRF-passkey (i.e. login-passkeys with encryption) – and Windows Hello doesn’t support storing those PRF-passkeys at the moment.
So, there are a few things missing for this… and in the end, you probably wouldn’t need an “Ask for biometric (unlock) on launch” setting for that, but an “Ask for passkey login on launch” or “Ask for passkey unlock on launch” option in the desktop app.
I know this. I tried out the beta, so was thinking of the future when it becomes part of the main version of the app.
Regarding the rest of what you said, I don’t know if this would make a difference or not to what you said, but the aim of the feature was to have an option that makes it quicker to open the Bitwarden app and get to the Windows Hello prompt, similar to a similar option for the extension.
Current process:
You open the Bitwarden app but it’s locked.
The Bitwarden app says that the vault is locked and displays a number of option buttons to unlock the vault or log out.
You press “Unlock with Windows Hello”
The Windows Hello dialog window appears.
The aim is to have an option which, when set, results in the following happening instead:
You go to the Bitwarden app but it’s locked.
The Bitwarden app says that the vault is locked and displays a number of option buttons to unlock the vault or log out. However, the ‘Log in with Windows Hello’ button is greyed out and a small progress wheel appears inside it and starts turning.
A short time later, the Windows Hello dialog window appears.
I wonder if there would be an issue of not being able to fall back to other vault unlock mechanisms once control has been handed to Windows Hello (e.g., in case Windows Hello authentication fails — e.g., if camera and/or fingerprint reader are not working, and/or the user has lost their Windows Hello PIN). If so, a user could potentially become stuck in a loop, being unable to unlock their Desktop app by any method.
I got that - and didn’t question that. – I only wanted to add that though you can user verify passkey usage with biometrics, it’s not the same as the current biometric unlock function in Bitwarden.
Hm. When you do the same (though, would it be the same with the desktop app, if implemented?!) with the browser extension, you can “cancel” Windows Hello and then you can access all options on the browser extension window again (other unlock options, log out…). I would guess, that would also be possible with the desktop app?