Firefox extension no longer allow biometric unlock without unlocking desktop app

It seems change has been made to Firefox extension and now it is not possible to do biometric unlock without unlocking desktop app first.

This is very inconvenient. Every time I want to fill a password I need to switch to desktop app to do biometric unlock, then back to Firefox and again biometric unlock. This makes the extension almost useless.

This post https://old.reddit.com/r/Bitwarden/comments/1cyw9sp/extension_202450_always_requires_desktop_app_to/l5crkrk/ acknowledges the issue and says:

“This is expected new behavior to protect the encryption key stored by the desktop app, which is used for biometrics, from being used unexpectedly. The team is discussing solutions to allow this flow in a secure way.”

I am starting this thread to be able to track progress on solving this, as I believe this is critical for many users.

2 Likes

Here are a few related issues being tracked on Github. This first comment seems to be a long-term overview of what BW wants to achieve, and why this double-unlock behavior was introduced as an interim solution (with more details than in the reddit thread).

Also:

2 Likes

Thanks for pointing me to issues discussing this.

Makes sense, I am happy that it is acknowledged and will be eventually addressed.

2 Likes