As far as I remember, the OS also must support that. (e.g. on Windows 10, even with a PRF-supporting browser and e.g. a YubiKey 5, you can’t create and use “login-with-passkey”-passkeys with encryption, as Windows 10 doesn’t support that… if MS didn’t change it in the meantime)
I don’t know what you expect in this thread exactly:
I can share that for me using Linux (Ubuntu) with a Chrome based browser (Brave), login with Password works perfectly with a Yubikey. And I love this feature.
It is probably off-topic for this thread: it would be nice to be able to unlock the vault the same way.
Yes, I find it very convenient (and secure) to access the Web Vault using a Yubikey, and when passkey login comes to the browser extension, I will finally be able to introduce some family members to Bitwarden. Any update on that?
Windows 11, desktop and browser (Firefox) working flawlessly with various Yubikeys and Yubico Security keys.
Windows 11 is basically double the keystrokes/clicks for anything security key related, but that is not on you guys and Bitwarden passkeys are working great.
Windows 10, nearing EOL and I still have not found a way to get passkey encryption working. This is actually what prompted me to install Windows 11 finally.
Apparently Apple added support for PRF in iOS 18, so hopefully will be able to use them on iPhones soon too.
Using this feature ever since it was announced.
Its a great way to login to your vault , without typing your master password or worry about someone shoulder surfing you.
I am waiting for this feature to be added to desktop and other clients too.
For now i am even using the web vault as a webapp on the desktop , to take advantage of this feature.
It’s a great gain in security and I really desire it for the mobile apps and browser extensions.
Especially with the mobile app, I would rather like to log out and log back in swiftly, instead of using biometric unlocking… nothing against that in general, but since my Android phone also works with biometric unlocking, I really miss an (relatively) easy way to make the BW mobile app “more secure” here. With easy logout/login, it wouldn’t even leave the local data on the phone.
When I log into the Bitwarden Web Vault on my iPhone and create a passkey with encryption (PRF extension) using iCloud Keychain, I can log in without any problems on the iPhone. However, when I try to use this passkey in Chrome on Windows via QR code/BLE, the login fails. On the other hand, if I log into Chrome on Windows first and then create a passkey with encryption on my iPhone via QR code/BLE, I can log in successfully on Windows using the passkey. However, when I try to log in on my iPhone with the same passkey, it fails, even though the passkey is stored on the iPhone.
@dwbit
Quick question…is it possible that my system or my browser settings could prevent my previously working passkey from unlocking my vault properly? I have a iCloud/TouchID passkey on my macbook pro, and have attempted to login to the web client on Chrome browser…the page accepts my fingerprint biometrics, but then redirects me to “login with master password,” page. I know that my settings must be enabled properly such that the passkey allows for encryption, but theoretically, fi encryption is enabled, could this functionality still be hindered by system or browser settings? Thanks!
I am not sure why this feature is still in beta . I have been using this for like a year and didn’t seem to find any issues. Hopefully this gets out of beta soon.
Also want to know when it would be introduced in other clients as well like the desktop app and mobile.
I wanted to add a passkey from Android, from Chrome browser but then Bitwarden itself tried to store the passkey. What’s the correct way of doing this? It seems odd that I would save the Bitwarden website passkey, in Bitwarden - so I didn’t, just like I don’t have a Bitwarden login entry in Bitwarden. (Also a bit off topic but it’s odd that items for which Bitwarden saves passkeys display no indication of this.)
It’s really up to you where you’d like to save your Bitwarden passkeys - there isn’t a correct way of doing it. You could save your Bitwarden passkey in Bitwarden. We do try to prevent this in some cases, because having this sort of “I need Bitwarden to access Bitwarden” setup isn’t great, but as a backup it’s fine.
Hi Micah, I appreciate the reply, and I realize I didn’t ask the right question. If one wants to use their device (Android smartphone in this case) biometrics, in order to set the Bitwarden passkey, how would one achieve that? Like do I have to choose Google as the auto fill provider, or some authenticator app? Doesn’t Android have some default way to store these, like in the case of a Windows machine via Windows Hello for example? So basically to use the device vanilla option that’s there for all basic biometric unlocks. Sorry for the lack of tech savvyness in this regard. Thanks!
To achieve that effect, you’d want to set up Google Password Manager to be an autofill provider on your android device. I’m not super familiar with this setup, but I think it would mean that every time you’re autofilling from Bitwarden it might also surface Google Password Manager as an option.
Thanks, I guess I’ll have to do some testing. I think Bitwarden is super useful to have as the default autofill provider, it’s just setting it up for this very specific use case where you want to add the passkey for Bitwarden itself. I think it makes sense to have it set up for all of one’s devices. Appreciate your help, cheers!