Running desktop app version 2025.11.0 and windows 11. I am trying to unlock the app with windows hello but can’t. The unlock with windows hello button is greyed out. Windows hello is enabled through windows and works, that is what I use to login to windows.
I know they did away with this feature for a while but was brought back in the latest version, 2025.11.0, or at least that is what it says in the release notes. Downloaded and installed latest version directly from bitwarden.
In the app settings, I have unlock with windows hello checked, allow browser integration checked. Also have browser extension installed and have unlock with biometrics and ask for biometrics on launch checked. Also unchecked all those, logging out and rechecking them.
I have tried logging out of both the app and the extension with no change.
Not sure if this is normal behavior or not but seems odd to me.
So I uninstalled both the desktop app and the extension in firefox. Reinstall both of them, log back into the desktop app and checking settings. The next thing I realize is the extension went missing like it was uninstalled again but I didn’t uninstall again. So I reinstall it and log back in.
Now when I go to the settings in the extension and try to turn on unlock with biometrics and ask for biometrics on launch, one of two things happen. It will either say awaiting confirmation from desktop app or get an error message saying unable to setup biometrics, action was cancelled by the desktop app. When it says awaiting confirmation, I never get any type of confirmation in the app.
When trying to turn on the biometrics setting in the extension, should the app be open or closed?
The desktop app needs to be running in order to use biometric unlock in the browser extension. Not sure if this also applies to enabling biometric unlock, but it can’t hurt.
Indeed not a very clear statement – I would consider a locked and closed desktop app also as “still logged in” – but as the desktop app has to confirm the request of the browser extension, I think the desktop app has to be logged in and open. I really don’t know if the desktop app has to be unlocked for that or if it would also work with a locked and open desktop app.
I have previously found it necessary after updates to first validate that my desktop vault is working with biometrics and then while it is still unlocked, disable/enable the browser extension (as below) and then disable/reenable “account security >> unlock with biometrics”.
Sometimes there seems to be an extension permission that the browser “forgot about”, and reenabling the extension gets it reregistered.
So I stopped messing with this, never could get it working. Well several days after I quit messing with it, was able to unlock with windows hello. Not sure why but was like good. But now without making any changes, the unlock with windows hello button is greyed out again. This is with the desktop app.
I got this figured out somewhat, there was a setting that was checked that shouldn’t have been checked. Not sure how I over looked that setting, facepalm on my end.
While bio metrics does work, it doesn’t work every time when unlocking the extension. Sometimes it does, sometimes it doesn’t and nothing has been changed.
And I guess you mean “Require master password or PIN on app restart” in the desktop app settings?!
Yeah, my experience so far:
when that setting is checked, then you have to unlock the desktop app once (and that first unlock is only possible with master password or PIN - not with biometrics) before you can unlock the browser extension with biometrics
when that setting is unchecked, however, you don’t have to unlock the desktop app at all – you can unlock the browser extension with biometrics right away
(in both cases, it’s still necessary that the desktop app is up and running before the browser with the respective browser extension gets opened)
Yes that is the setting I am talking about. Feel so silly that I didn’t notice that sooner.
So I didn’t realize the desktop app had to be running before the browser was opened.
Something seems a little contradictory about this setting. You say when the setting is unchecked, don’t have to unlock the desktop app. But then you say in both cases, it’s still necessary to have the desktop app running.
Running – the desktop application has been opened at the operating system level.
Logged In – the encrypted vault has been downloaded to your PC from the website.
Unlocked — the vault is ready for you to use – viewing/editing/exporting/auto-filling/whatever.
In order to use biometrics in the extensions, the desktop needs to be running and logged in. It does not need to be unlocked. This odd requirement is because the web browser manufacturers do not give extensions enough access to the operating system to use Hello directly, so the app brokers this connection on behalf of the extension.
“Require master password or PIN on app restart” changes this a bit by postponing the app’s ability to assist the extension until after one has unlocked the vault at least once. One can lock it immediately after doing so as the app now knows that its launch had human intent behind it.
Running – the desktop application has been opened at the operating system level.
Logged In – the encrypted vault has been downloaded to your PC from the website.
Unlocked — the vault is ready for you to use – viewing/editing/exporting/auto-filling/whatever.
So this changes things a bit. When I see or hear the term running, I think of the program, whether it be bitwarden or something else, actually open and fully functional. Didn’t realize I could open bitwarden app, leave it at the unlock screen and be able to unlock the extension with biometrics.
