Automatically Select Biometrics for Unlocking when available

Wow, I’m so glad to see Windows Hello Biometrics ship after three years, but gosh, is it tedious with many extraneous, repeated prompts (an unfortunate trend now).

Bitwarden now requires 4 clicks from boot to an unlocked browser.

  1. Windows boots.
  2. Bitwarden.exe launches Windows Hello prompt, forcing an unlock on boot. Click OK. (+1)
  3. You open your browser. The Bitwarden extension is still locked (ha! little did you know you only unlocked the system app in step 2!). You click the extension. (+1)
  4. You click “unlock with biometrics” instead of typing in your master password. (+1)
  5. You click “OK” to unlock. (+1, unavoidable)

These are way too many prompts and can be significantly reduced for users that only use the extension.

  1. Fix #1: In Bitwarden.exe, allow us to not be forced to unlock at boot (it only unlocks the system app; the extension is not unlocked because the browser is not open; an unfortunately frivolous unlock).
  2. Fix #2: When clicking a locked Bitwarden icon with biometrics enabled, the extension should automatically send the Windows Hello prompt. It is our first choice. We should not need to hit “unlock with biometrics”.
  3. Fix #3: When browsing the web, a shortcut that triggers autofill (aka ctrl+shift+L) should automatically open the Windows Hello prompt and then autofill the login on the current page.

This, then, can turn into a single click affair.

  1. Turn on the computer. No prompts. Hooray!
  2. Open the browser. No prompts. Hooray!
  3. Use keyboard shortcut to trigger the extension OR click the locked extension icon. (+1, optional).
  4. Click “OK” on the Windows Hello prompt (+1, required).

For those that use keyboard shortcuts, this saves a lot of time and nuisance. Repeated prompts, especially ones on boot, are a tad annoying and this one is useless for extension-only users.

Biometric users are forced to install the system app: don’t force us to unlock that on boot, when the browser & extension aren’t even open.

Thanks for the thoughtful post!

Based on this feedback, I’d say this is actually 3 different improvements (just so we can track them realistically).

Would you mind creating them individually? i.e:

  1. Optional Unlock On Start for Desktop Apps (macOS + Windows could benefit)
  2. Default to biometrics prompt when enabled (Browser extension)
  3. You may not need a topic for #3, I think this function is already in this topic, which would then leverage #2 to unlock instead of clicking:
8 Likes

I think your #3 (autofill shortcut opening extension) has at least 5 related feature requests: 1494, 5953, 8544, 9553, and 12409

Along with an old GitHub issue and PR:

GitHub Links

[Feature Request] Open popup when autofilling using shortcut and vault is locked · Issue #433 · bitwarden/browser · GitHub

WIP: Open the popup when keybinding fails due to locked vault by stefanmaric · Pull Request #987 · bitwarden/browser · GitHub

The actual feature may also depend on the state of Chromium’s browserAction.openPopup API. The related Chromium issue has been around for over 6 years, but I think they have enabled part of the API with an allowlist.

The above GitHub PR mentioned the API was working, but I haven’t tried it out myself.

Related Mozilla docs: browserAction.openPopup() - Mozilla | MDN



For #1, I also see behavior on macOS boot, so having the option to enable/disable the biometric request on boot would be good across platforms. Renaming feature request to not sound like Windows-specific feature could get more views/votes.

I think this initial unlock request is done inside bitwarden/jslib for Windows and macOS.



#2 is what I would like to see added most since it has the most noticeable impact on my general usage of Bitwarden.

I think adding a conditional call to unlockBiometric() inside the ngOnInit of a component like LockComponent could deal with this. Probably will need a corresponding extension option to enable/disable setting.

2 Likes

I’d actually be HAPPY if that was the required number of clicks…

For me (using a Windows Hello Camera), after Step 4, I have to go back to the desktop app and reauthorize using the fingerprint string (as if I’m setting up the biometric link again) every single time I try to use the biometric unlock in the Chrome extension, it seems to forgot the link to the desktop app each and every time)

1 Like

That would be awesome. I don’t need to unlock bitwarden unless I’m using my browser.

3 Likes

I would like to address how windows app works at this point. As a user of WIndows Hello biometrics, it is strange to me that bitwarden at this point forces hello login popup on every windows boot which does not make much sense to me. Shouldn’t the app launch in the background (into the system tray) and wait for the moment when browser extension requests unlock command and only then show windows hello login screen?

The value of biometric unlock (fingerprint) is to rapidly unlock the vault, which means you can unlock frequently and easily and not have to otherwise set a long and insecure timeout period. But in the browser extensions currently, after you click on the Bitwarden toolbar button, you always have to then first click on the Unlock with Biometrics button before getting the biometric detection popup.

If you have configured Bitwarden to use biometrics, you always want to use biometrics so this extra click is completely unnecessary and slows things down.

Please remove the requirement to click the Unlock with Biometrics button if you have biometric unlocking enabled. Instead, clicking on the browser toolbar button should immediately bring up the biometric detection popup.

This is another case of streamlining the basic usability of Bitwarden.

1 Like

This feature request already exists:

Merged a couple of posts and renamed the topic so we can keep track and make it easier to find.

Merged a couple of posts and renamed the topic so we can keep track and make it easier to find.- tgreer

I very much appreciate this ongoing effort by the moderator(s) to keep the topics consolidated. It makes for a better user forum. Thanks.

One other request related to this issue: After one unlocks with biometrics, input focus should then be automatically put into the search field so you can start entering a pattern right away, since that will be the most common use case.

This makes a lot of sense to me. +1

  1. Fix #1: In Bitwarden.exe, allow us to not be forced to unlock at boot (it only unlocks the system app; the extension is not unlocked because the browser is not open; an unfortunately frivolous unlock).

This is really important especially for those who let bitwarden starts on system logon. It should not ask for unlock when “Start to Tray Icon” is selected

3 Likes

Hi

I recently moved to BW from KP. Thanks for including a free version :]]

I find it a little tedious to systematically login in or unlock BW, browser or desktop, because it requires several mouse clicks to get in :


Most (facial) biometric implementations kick in automatically without the need for human intervention

Would it be possible in a future version to allow biometrics to automatically recognize us without having to manually ask BW to enable bio authentication/unlocking ?

regards
yann

dito
someone needs to consider ‘fasttracking’ the biometric assistance
Too many steps, too many parts, too many clicks

1 Like

yes please! a setting to enable “always unlock with biometrics” would be excellent :slight_smile:

Are these items being implemented yet?

Thank you!

We have some community folks helping out on this one: Automatic Biometrics Prompt on Open Popup

2 Likes

Thank you for the response!

Why do I have to click a button to unlock with biometrics?
This should never have been a thing

I don’t understand why it’s taking so long to implement. Surely the developers themselves are annoyed with this.