So I had chosen Biometric Unlock but extension always ask for master password. I have to now manually select Unlock with Biometric this is not the way it worked before. The next problem is when I tell it to manually unlock with Biometric the Windows Hello Biometric Window is now hidden behind Firefox and I have to go click it on the toolbar. This makes Biometric unlock useless and I have had to resort to PIN unlock.
Version: 2025.5.0
SDK: ‘main (f28b4ef)’
Server version: 2025.6.2
Please fix this behavior. Make the Biometric Window be on top of the browser again and fix the unlock so it uses my preferred Biometric and not master password.
My setup is currently extension 2025.5.0 and desktop 2025.5.1, with the extension set to: Unlock with biometrics and Ask for biometrics on launch. Biometrics is launched properly on both Ctrl+Shift+L and clicking on the extension icon. It is launched immediately without having to click any button, and Windows Hello authentication shows up in the foreground.
If your desktop is the same version as mine, then the behaviors we observe would be different.
Bitwarden is aware of an issue with biometric unlock when using the Firefox and Opera browser extension. The issue will be resolved as soon as the 2025.6.0 version of the browser extension is approved and available for those browsers.
I just set it up with a Windows Hello PIN and could unlock the Firefox extension as expected. (Win 11, 24H2, 26100.6584 – BW desktop app 2025.9.0 – BW Firefox extension 2025.8.2)
So what exactly doesn’t work for you?
What versions do you have?
Did you try to set it up anew since it “broke”?
Half the time for some reason the desktop no longer will have it prompt for password. Unless I open the app and log it in than log back out it stops reacting with the biometrics login so I have just been using PIN instead. Don’t know why desktop app appears to stop reacting with the Firefox extension.
For some reason unlock with biometrics only works if it’s the first thing you do. If you don’t do it immediately, after you have a few tabs open, a couple of hours in, when you go to unlock, your only option is master password, which is highly annoying. Restarting FF, and restoring your previous session works, but why can’t you just use biometrics to unlock?
(Also, if you’ve already unlocked the desktop app, why do you have to unlock the extension as well?)
The windows hello pin is not what this forum is discussing. I was talking about the biometric login not working. At one point I was able to get it to initialize but even when I did it would still require me to login with my password. Now I can’t even get the finger print popup to be prompted to set up the biometric login (the app is open too).
For reference I’m on bitwarden extension and app version 2025.9.0. I’m having these issues on Firefox and brave for the Mac platform.
@molitar To be honest, I don’t understand what you wrote here back then.
What is that supposed to mean?
“The app” should be the desktop app, I guess? “It stops reacting with the biometrics login” should just mean that the biometrics unlock stops working? If yes: when?
And “using PIN instead”: for the desktop app? Or with the extension? Or “both”?
So sometimes it does work, and then it doesn’t? And then it does work again? Or does it stop completely without working again?
If I don’t open the app and unlock it at least once the biometric won’t work it seems to lose the capability to communicate with the web extension. As long as it’s running it should not have an issue for extension to communicate with it for the Biometric.
@molitar Thanks for that explanation - and it clears that up a bit, but it was always the case, that the Bitwarden desktop app has to be active in the background for the browser extensions being able to make use of biometric unlocking… So, not surprising what you just wrote.
So, you logged out in the desktop app? – And then you can’t unlock the extensions?
PS:
Or in other words:
From that sentence, it is not clear to me if you describe the problem further – or if that should be a description of the solution. I have no idea which of the two it is.
There is a difference between logged out and locked. To use biometrics in the browser extensions, the desktop application needs to both be running and logged in. Biometrics will not work if you are logged out of the desktop.
Another little gotcha is that whenever you start the desktop application, the first time you unlock (or login), you must use either the Master Password or the “bitwarden” pin. After this first authentication, you can then unlock with Biometrics (Face, Fingerprint, or Window Hello Pin).
As @DenBesten already hinted at, your vault can be logged in in two “states”:
Logged in and unlocked
Logged in and locked
The first one should indeed be mostly used only for shorter intervals (that’s why we usually recommend a very short vault timeout action time). But the second state is usually the recommended one for all or most Bitwarden apps to use - it is inconvenient to constantly log out and log in again, and instead (in most situations), locking the vault and unlocking it is the preferred way.
And depending on how that is set up (the unlocking method), it is still secure enough, as I would call it now. E.g. if you use a normal PIN to unlock the desktop app: if your PIN is not too short and not too easy (but “random” and unique) and you check the option “Lock with master password on restart”, then such a PIN should be perfectly fine. (also, as after five failed PIN attempts, the desktop app automatically log out the account)
PS: You could even just use the master password for unlock - or biometrics (but that at the moment just not for the first unlock of the desktop app). But the point now is: it would be perfectly fine to have the desktop app in the background logged in but locked - so that biometrics for the extensions could be used.
BTW, the biometrics option we speak of here is every time only an unlocking option - and never a login option. Regardless of which app it is, desktop app or browser extension. Meaning: you also only ever could unlock a browser extension with biometrics, when it was logged in but locked – you could neverunlock a browser extension that was logged out. (!)
Logged in but locked is considered a safe state. If you read my earlier link, you will know that locked means “downloaded, but still encrypted”.
Most of us have found the best compromise between security and convenience is to keep the vault locked with a short timeout (30 seconds or a minute) and with unlock with biometrics enabled. The idea being that a locked vault is substantially more secure than an unlocked vault, and since biometrics make unlock very low friction, one is not tempted to make compromises (e.g. keeping your master password in notepad, or keep the vault unlocked longer).