What is the current best practice to make sure that Bitwarden is the passkey provider (ie central shared storage and key delivery when prompted) in most major browsers and OS (Firefox, Edge and more importantly Chrome with their just announced cross devices cross platform support) ?
I am having a hard time with Bitwarden (through installed extension) and or the browser handling passkey requests and end up having various keys in various vaults, which is getting messy.
Is there any up to date guide as how this should be handled, ideally MacOS, iOS, Windows for major browsers ?
I guess on MacOS and Windows (and Linux?) it is still only possible to use passkeys with the browser extensions.
For iOS (and Android) you can find here Using passkeys with Bitwarden | Bitwarden Help Center in the tabs more info. As you can also read there, a basic requirement for iOS is version 17, and for Android version 14, though for the latter I can personally add, that the vendor of the phone must also enable the function for “third-party passkey providers” that it can function.
Apart from all that, as there are no tags in Bitwarden, still, I add “(Passkey”) to the title/name of my vault items with passkeys, to have more or less an overview…
@AlexT Have you disabled the native password managers in your browsers (e.g., Google Password Manager)?
Normally, any passkey requests from the website should be intercepted first by the Bitwarden browser extension, and if the browser extension passkey prompt is dismissed, you will get a second prompt, this time from the operating system (e.g., Windows Security).
As noted by @Nail1684, you need to ensure that the option “Ask to save and use passkeys” has been enabled in Bitwarden, and that the domains of interest are not on the exclusion list.
Can you provide some specific examples of where a passkey is not being saved in Bitwarden (provided that you have configured your system as described above)?
Right! I almost wrote it myself, but then I thought, that’s already recommended for using a dedicated password manager and not “passkey specific” - but nonetheless, it should be mentioned! There’s a recent blog article about this: Disable your browser-based password manager | Bitwarden Blog
I would add to that, that there can also be a “third” prompt, and that is by the browser. E.g. Chromium-based browsers offer a small button “Use passkey” or similar. (I don’t remember, when they introduced that popup)
That’s how it looks for me for this forum (the box “over” the inline-autofill… text in German; PS: that’s on Brave/Windows - I don’t know if the “design” can vary):
One, that would be interesting, yes. Two, that reminds me of: I guess there are still (or always? ) some sites, that don’t implement passkeys well enough that it works with a third-party passkey manager (or Bitwarden for that matter). My personal best example would be eBay, though it’s a few days since I last checked whether it works now (see here: Passkey popup doesn't show - domain not on excluded domains list) - or PayPal a time ago, when they only allowed the passkeys to be created on iOS or Android devices (I think they changed this restrictions now?!).
So there can always be “bad implementations” and/or “restrictions” for passkeys, depending on the specific site/account/service. (BTW, another example for “restrictions” would be, that you can’t store the “login-with-passkey”-passkey for Bitwarden (Log in with Passkeys | Bitwarden Help Center) via the Bitwarden browser extension in the Bitwarden vault… apart from the circular dependency it would create and whether it makes sense or not - it is also a “restriction”)
I have (obviously) fully disabled the browser level password manager (btw would be nice if BW could do that at install time or at the very least want that it is not turned off).
To report back on that: As I wrote, this prompt appeared some time ago - and until now, I never looked into it… Now I went through all (visible) settings about the in-built password manager, auto-fill etc. on Brave. Everything is disabled. Without any other extensive research: currently, I have no idea what setting enables or disables this prompt.
(PS: I also searched in brave :// flags for “passkey” and “prompt” and nothing hints to that passkey prompt)