Beyond frustrated with passkeys

I am beyond frustrated with Bitwarden right now.

I enabled Passkey for my Bitwarden account. I have a physical Yubikey, and whenever I try to add Bitwarden to another device, it’s the same story. It takes at least 100 tries, and frequently, I just give up out of sheer frustration. I can’t create a new Bitwarden passkey on my phone, I get an error. I can’t create a new Bitwarden passkey on my PC, I get an error. I can’t find ANY way to remove the existing ones. I have been trying to log into Bitwarden on my tablet, where it has been logged in before. It won’t accept just the master password and requires WebAuthn, but it won’t accept any of my physical keys, and I can find a way to let me just use my damn authenticator.

This happens every… single… time… I try to log into a new device or haven’t logged into the device for a while. And I’m done. I want to delete EVERY passkey for Bitwarden and just use my authenticator app until I can figure out how to get it to work when I need it. The ONLY 2 devices I can log into it on are my PC and my current phone. And god forbid I get another phone. I probably won’t be able to log into that one either.

This is insane.

I’m all for security, but when I can’t even get into my own damn account, it’s gone too far.

@Dezran Welcome to the forum!

I get that you’re frustrated about something that you are experiencing, but if you would like for the community to help you improve your experience, you will need to provide facts about your setup, what you’re doing, and what you’re observing.

I would also recommend that you carefully review the forum rules regarding respectful/constructive communication, to avoid getting your posts or comments flagged/hidden.

Let’s start with some basics. What operating systems and Bitwarden apps (Desktop, mobile, web vault, browser extensions, CLI) are you using? What version(s) of the apps are installed? For browser extensions, what browser(s) are you using? Are you self-hosting your own Bitwarden server, or is your account hosted on Bitwarden’s cloud servers?

With regards to your Yubikey, how have you registered this key in your Bitwarden account? Is it registered for Login with Passkey, and if so, is encryption enabled, supported but disabled, or unsupported? Is your Yubikey alternatively (or additionally) registered as a Two-Step Login method, and if so, which 2FA methods did you enable using your Yubikey (e.g., “Passkey” or “YubiKey”, corresponding to FIDO2/WebAuthn and Yubico OTP, respectively)?

When you “try to add Bitwarden to another device”, exactly what steps are you taking, and what do you observe as you perform these actions? If there are error messages, what is the exact wording of those error messages?

Based on what you said, you appear to have both a YubiKey and a TOTP authenticator enabled for 2FA for Bitwarden login. Here are the Android screens (presumed to be similar on iOS) that let you use the TOTP authenticator to supply the 2FA once you enter your password:

Instead of hitting the “Launch WebAuthn” button, you should hit the option (vertical ellipsis) button on the top right.

Now hit the “Authenticator app”:

Please remember that when you expect to have multiple options but are presented with apparently only one, there might be other unfamiliar UI elements that you should explore. This is especially true for a workflow that isn’t used very often.

@Dezran Welcome to the forum!

In addition to what @grb asked: please also include which OS (and respective version) you are using on your PC and phone.

Pre-PS: I apologize if any of this rambles a bit. I’m having work done on my house and had 3 people come to my door with questions while I was typing this out. So I’ve had my train of thought broken more than once.

Thanks. Since adding the passkey, this has been an ongoing problem every time I’ve needed to add a new device.

I use Bitwarden on 3 main devices:
Pixel 9 Pro - Primary
PC with Windows 11 Pro on Chrome/Firefox
Laptop with Windows 11 Pro on Chrome/Firefox
and, for a while, I will need it on my Samsung Android tablet.

What is truly driving me insane is, Bitwarden offers me the option to approve with another device. It sends the notification to my phone, I click to approve the login… Then Bitwarden on my Samsung tablet takes me straight back to WebAuthn and tries to find a passkey again. I’ve tried plugging my Yubikey into my tablet with zero luck. It just says it can’t find my passkey, and I’ve had the same experience with another Lenovo Android tablet. I simply gave up on that one.
I also had Bitwarden give me a QR code to connect to the passkey on my phone. It acts like it is working for a few sends, then I just get “encountered an error”.

I’m not new to any of this. I’ve been using Bitwarden for years on multiple tablets, PCs, laptops, phones, etc… I’ve always used a separate authenticator app but switched to passkey after getting several notifications of someone unsuccessfully trying to get into my account from eastern Europe and South America which, good luck figuring out a 20 character random password. I work in IT, deal with InfoSec, OKTA zero trust logins, Checkpoint, and any number of other 2FA setups.

I love Bitwarden, but honestly, dealing with it after configuring passkey has been nothing but a massive pain in the behind since. It works fine on devices that I configured when I created the passkey. I simply don’t understand why when it offers the chance to authenticate with another device, my phone gets the notification, and I approve the login… Then I get sent back to the WebAuthn screen on my Samsung Android tablet to look for a passkey again. This has worked before, so it makes no sense that now it’s caught in this loop.

I’ve hit the point where I’m ready to just get rid of any passkeys and go back to 2FA. Right now, this is just causing me far too much frustration, and it shouldn’t be this difficult.

I’m still not 100% clear on your setup (see questions in the last two paragraphs of my response above), but let me try to clarify the above:

It seems that you were attempting to use Login with Device, which is an alternative to typing in your master password. Thus, just like with the option “Log in with master password”, you are expected to subsequently supply one of your configured 2FA factors if you have enabled Two-Step Login for your account. Evidently, you have enabled one or more passkeys as a Two-Step Login method for your account, so you will be prompted for the passkey 2FA anytime that you log in (whether using your master password or another logged-in device to authenticate).

The only exception to this is if you have previously logged in using the same app/extension on the same device, and you checked the “Remember me” option when providing 2FA during that previous authentication. Doing so will waive the 2FA requirement for that app/device for up to 30 days. Such waivers are not possible for newly commissioned Bitwarden installations, since you must first complete one login during which you enable “Remember me”.

Finally, if you want to completely forgo both the master password entry and the 2FA requirement (and also skip the email address entry), you can use the Login with Passkey feature (which requires a different enrollment process than 2FA passkeys). Unfortunately, however, that feature is currently only available for the Web Vault and Chromium browsers. I believe that some of the confusion and frustration on your part may be because you are expecting 2FA passkeys to act as login passkeys — however, these are two completely different uses of passkeys.

If you answer some more of the questions that I had asked previously, I (or somebody else here) may be able to provide additional information to help you.
