Wow, I’m so glad to see Windows Hello Biometrics ship after three years, but gosh, is it tedious with many extraneous, repeated prompts (an unfortunate trend now).
Bitwarden now requires 4 clicks from boot to an unlocked browser.
Windows boots.
Bitwarden.exe launches Windows Hello prompt, forcing an unlock on boot. Click OK. (+1)
You open your browser. The Bitwarden extension is still locked (ha! little did you know you only unlocked the system app in step 2!). You click the extension. (+1)
You click “unlock with biometrics” instead of typing in your master password. (+1)
You click “OK” to unlock. (+1, unavoidable)
These are way too many prompts and can be significantly reduced for users that only use the extension.
Fix #1: In Bitwarden.exe, allow us to not be forced to unlock at boot (it only unlocks the system app; the extension is not unlocked because the browser is not open; an unfortunately frivolous unlock).
Fix #2: When clicking a locked Bitwarden icon with biometrics enabled, the extension should automatically send the Windows Hello prompt. It is our first choice. We should not need to hit “unlock with biometrics”.
Fix #3: When browsing the web, a shortcut that triggers autofill (aka ctrl+shift+L) should automatically open the Windows Hello prompt and then autofill the login on the current page.
This, then, can turn into a single click affair.
Turn on the computer. No prompts. Hooray!
Open the browser. No prompts. Hooray!
Use keyboard shortcut to trigger the extension OR click the locked extension icon. (+1, optional).
Click “OK” on the Windows Hello prompt (+1, required).
For those that use keyboard shortcuts, this saves a lot of time and nuisance. Repeated prompts, especially ones on boot, are a tad annoying and this one is useless for extension-only users.
Biometric users are forced to install the system app: don’t force us to unlock that on boot, when the browser & extension aren’t even open.
The actual feature may also depend on the state of Chromium’s browserAction.openPopup API. The related Chromium issue has been around for over 6 years, but I think they have enabled part of the API with an allowlist.
The above GitHub PR mentioned the API was working, but I haven’t tried it out myself.
For #1, I also see behavior on macOS boot, so having the option to enable/disable the biometric request on boot would be good across platforms. Renaming feature request to not sound like Windows-specific feature could get more views/votes.
I think this initial unlock request is done inside bitwarden/jslib for Windows and macOS.
#2 is what I would like to see added most since it has the most noticeable impact on my general usage of Bitwarden.
I think adding a conditional call to unlockBiometric() inside the ngOnInit of a component like LockComponent could deal with this. Probably will need a corresponding extension option to enable/disable setting.
I’d actually be HAPPY if that was the required number of clicks…
For me (using a Windows Hello Camera), after Step 4, I have to go back to the desktop app and reauthorize using the fingerprint string (as if I’m setting up the biometric link again) every single time I try to use the biometric unlock in the Chrome extension, it seems to forgot the link to the desktop app each and every time)
I would like to address how windows app works at this point. As a user of WIndows Hello biometrics, it is strange to me that bitwarden at this point forces hello login popup on every windows boot which does not make much sense to me. Shouldn’t the app launch in the background (into the system tray) and wait for the moment when browser extension requests unlock command and only then show windows hello login screen?
The value of biometric unlock (fingerprint) is to rapidly unlock the vault, which means you can unlock frequently and easily and not have to otherwise set a long and insecure timeout period. But in the browser extensions currently, after you click on the Bitwarden toolbar button, you always have to then first click on the Unlock with Biometrics button before getting the biometric detection popup.
If you have configured Bitwarden to use biometrics, you always want to use biometrics so this extra click is completely unnecessary and slows things down.
Please remove the requirement to click the Unlock with Biometrics button if you have biometric unlocking enabled. Instead, clicking on the browser toolbar button should immediately bring up the biometric detection popup.
Merged a couple of posts and renamed the topic so we can keep track and make it easier to find.- tgreer
I very much appreciate this ongoing effort by the moderator(s) to keep the topics consolidated. It makes for a better user forum. Thanks.
One other request related to this issue: After one unlocks with biometrics, input focus should then be automatically put into the search field so you can start entering a pattern right away, since that will be the most common use case.
Fix #1: In Bitwarden.exe, allow us to not be forced to unlock at boot (it only unlocks the system app; the extension is not unlocked because the browser is not open; an unfortunately frivolous unlock).
This is really important especially for those who let bitwarden starts on system logon. It should not ask for unlock when “Start to Tray Icon” is selected
Most (facial) biometric implementations kick in automatically without the need for human intervention
Would it be possible in a future version to allow biometrics to automatically recognize us without having to manually ask BW to enable bio authentication/unlocking ?
