Well, that’s very reassuring… I love when documentation and marketing for important security features is wrong, and known to be wrong, for months. I recently read through it to understand how it works and its security properties, but if I can’t actually trust it to be reliable or correct in describing how it works, or for errors/mistakes to be fixed promptly or even at all, then what?
Since the FAQ page was published over a month before the passkey feature was released, I would read it as documentation of how they plan for the feature to work (once fully implemented).
If you want to speed up progress on the ability to delete passkeys that are stored in Bitwarden, I would suggest that you (and other readers of this thread) respond to the community feedback request made by a Bitwarden developer on Dec. 14 in this thread:
I’ve done my part here. Maybe hearing from some other users would help get this feature development prioritized.
I have 2 entries for a given website and I added a passkey to the wrong item in BW (let’s say I wanted it in entry A and added it to entry B on accident). I don’t want to set up a passkey for B since I use a different kind of MFA for that account. I also don’t want to delete + recreate B because it destroys the edit history. To top it off, A is a personal account in my own vault, and B is a shared account in a different organization. So I added a personal passkey to a shared vault and can’t remove it now.
What if instead of deleting the passkey field you had a clear button which would set the current field value to null, and keep the previous value in the history?
This would be useful for all fields to be honest: username, password, passkey, totp.
TOTP is just as susceptible to permanent deletion as the passkey is.
FYI, when it comes to the password (as well as any custom field of the “Hidden” type), past values are already stored in the “Password History” when deleted or modified.
It’s very important either to give the opportunity to delete old passkeys, or to support updating correctly, or to store multiple passkeys; otherwise it’s unusable (the only workaround is to duplicate).
This is really interesting! We’ll look into the case where a passkey stops working because of the email change. If you delete the old public key from GitHub, you should be able to overwrite the private key stored in Bitwarden.
That’s not always true, as shown in the image @pearce89 posted right above your response (and in the one I added in the OP, which is of this community, btw).
I too would like to be able to delete passkeys.
I tested having one for my Google Account while waiting for my actual hardware to arrive (Yubikeys).
I now wish to delete my test passkey from my Google Account, but I can’t.
The fact you’re allowed/able to delete a passkey from almost every online service if you so desire should be reason enough to also allow deleting it from Bitwarden. Otherwise all those services that allow two-way (store + delete) actions can’t be properly reflected in Bitwarden with it only allowing one-way (create).
Very simple use case. I have my kid’s Google account in my vault. I accidentally added the passkey to their account instead of mine. I don’t want to use a passkey for their account.
I want to be able to edit/delete it the same way as I can do for anything else.
They are my passwords/passkeys, etc.
“Accidentally deleting a passkey could lock you out of an account”
The same is true about passwords, cold wallets, etc., no?
What’s the difference between deleting my passkey and deleting my password?
That’s why websites/institutions mitigate that with things like “Password reset”
The difference is that Bitwarden does have a password history for deleted passwords, but they are (apparently) on the fence about implementing a “passkey history”.
The more relevant question is: what is the difference between deleting a passkey and overwriting it? The latter can already be done in Bitwarden (after confirming “Are you sure?”), but carries the same risk as deleting.