I’m using Linux, Opensuse Tumbleweed, Gnome, Wayland, Firefox and Chrome. I successfully registered my Hyper FIDO2 USB-A key and my Yubikey C NFC FIDO2 key with my Bitwarden web vault. Then when I try to login into my Bitwarden web vault neither key works. I get these error messages. See screenshots below. I successfully used both keys to login and authenticate at webauthn.io. What other info you need?
Chrome error message with both keys:
0-------------Firefox error message with both keys:
@m3110w Hi!
Did you set them up for “passkey”-2FA or as a “login-with-passkeys”-passkey? Or both?
And when you try to login now, are you talking about the “2FA request” creating this error message? Or are you using the “Log in with passkey” button?
I’m asking these things, because both “passkeys” are not interchangeable. In other words: when you (only) set up a 2FA-“passkey”, then the “Log in with passkey” button won’t work – and when you (only) set up a “login-with-passkeys”-passkey, then this passkey can’t be used for the 2FA-login-part.
PS: So, you must set up both things, if you want both things to work.
Thanks for your reply. I set them up here:
Is this “passkeys 2fa” or “login with passkeys”? I can’t tell. How can I tell?
0------
I live in India. Is that a problem for Bitwarden passkeys FIDO2 keys?
This is “passkey-2FA”. You can tell, because the caption is “Two-step login” = 2FA. You can see that in the corresponding Help Sites as well: Passkey Two-Step Login | Bitwarden
No, that shouldn’t be a problem, as far as I know.
The “login with passkeys” section in the web vault (Settings → Security → Log in with passkey) looks like this:
And you can also see that in the corresponding page of the Help Sites: Log In With Passkeys | Bitwarden
Can a single FIDO2 device be registered and used as both a 2FA key and a Login key? (Gemini Pro 2.5 says, “Yes. (pause) Well…maybe.”
I just registered my Yubikey FIDO2 device with “Login With Passkey”. Then I logged out of BW and successfully used the Yubikey to log back in without entering a password. Cool. That was my goal. Looks like I’m all set. Anything else I should know or be aware of?
I also registered my Hypersec FIDO2 key and it’s also working to login. Nice.
PS. Any idea when the Bitwarden passkeys will come out of beta?
Well, I would say:
don’t deactivate 2FA for your Bitwarden account/vault → the “login-with-passkeys”-passkeys are additional at this moment in time, and you can still log in with your master password (and if your account had no 2FA, it wouldn’t be protected by that)
for 2FA in general: write down your 2FA recovery code on your emergency sheet(s)!
I saw in your screenshot for the “Two-step login”, that you have activated email-2FA, TOTP/authenticator app and “passkey-2FA” (with your security keys now) → the most secure is “passkey-2FA” and you could think of deactivating email-2FA and/or TOTP – but I don’t know your usecases etc. (and only reduce it to “passkey-2FA” - if at all - when you have at least one backup security key with a 2FA-passkey, and, as written before, when you have your 2FA recovery code safely stored…
there is a corresponding feature request: Ditch the master password in favor of passkeys
at the moment, you also still can’t use BW’s login-passkeys for confirming some account or administrative actions → corresponding feature request for that: Options to allow PRF Passkeys to authorize actions and account/security changes protected by Master Password
and the feature request for “login with passkeys” for all BW apps: Sign into Bitwarden with a passkey / "Login with passkeys" (for all BW apps)
No, unfortunately not…
PS: Ah, and when you now have login-passkeys for your Bitwarden account/vault on your hardware security keys, don’t forget to set a strong FIDO2-PIN on/for your hardware security keys - see here: YubiKey Login PSA: Set a strong PIN!
And if you are now interested in having more than 5 login-passkeys…: Support more than 5 "login-with-passkey"-passkeys for the Bitwarden account/vault (FIDO2 passwordless login)
At last, here the feature request for unlocking with passkeys/FIDO2: Unlock with FIDO2/“passkeys”
The Kingston IronKey Locker+ 50 USB Flash Drive is not compatible with Linux. You know of any hardware encrypted USB drives that are compatible with Linux? I want a hardware encrypted USB drive that can hold up to 5 passwords and output the right one when I press a button on the drive. Thanks!
Yes, good reminder. I set a 6 digit PIN for both keys.
Yes! Would be really nice to login to my BW browser extension using my FIDO2 keys.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
