I have a passkey for a mywebsite.com, and that website happened to have change its domain to mywebsite.net
The website in question never showed any backup codes during the passkey on-boarding process, and I stupidly never thought of digging through my account to retrieve the backup codes manually
Is there any way to change my passkey credential to work for mywebsite.net instead of mywebsite.com?
I’m mostly using the browser addon, but wouldn’t mind at all installing the desktop app or even mess with the server.
At first, I would contact the website / support and telling them about your issue. – I guess you’re not the only one having that problem right now with their site.
And did you try to login already? Maybe it does work? – If not, what error message do you get?
Yes they are working on a solution. But who knows how long it will take.
The passkey is used as the 2FA, so logging in with user/password works fine until reaching the passkey verification which Bitwarden doesn’t find the passkey for.
I would have assumed the passkeys would simply work based on the Autofill options just like the username/password works.
Or perhaps Bitwarden would let us choose which Login to use on the passkey prompt.
So you can’t even choose the passkey in Bitwarden?
If you add the new URI to your login item that contains the passkey, you should at least be able to choose the passkey (though I’m not sure if it will work then)… unless Bitwarden suppresses even the display of a passkey that doesn’t match the domain
Ah, didn’t “comprehend” that fully before. - So you still can autofill username and password? And the passkey is contained in that same login item? Hm, but then theoretically the passkey should be offered to you… (though I already made a comment on that before)
So you still can autofill username and password? And the passkey is contained in that same login item?
Exactly, I have a Bitwarden Login item that contains my username, password and the passkey.
Adding the new domain to the autofill option doesn’t help, still get the “No passkeys found for this application” when the website prompts for the passkey.
We obviously have no way to even view the passkey data in Bitwarden, at least not via the GUI. I’m guessing there are at least 2 fields defining passkeys: domain and private key.
And we don’t have access to either
Did some digging and basically passkeys seem to be tied to the “rpId” field of the passkey. The “rpId” value is the domain name and thus the passkey becomes bound to that domain regardless of what you set for your auto-fill domains.
I basically just exported my vault as json, and changed the “rpId” value to match the new domain name. Saved the file, and re-imported the modified vault.
Works now
Haha, the last two hours I thought if I should suggest that. It’s not intended by the FIDO Alliance that we manipulate the credentials – but you’re right, that way it is possible. Thanks for writing it yourself.
- So you still can autofill username and password? And the passkey is contained in that same login item? Hm, but then theoretically the passkey should be offered to you… (though I already made a comment on that before)
