I noticed this just started happening but Chrome no longer pops up with Bitwarden’s Passkey interface for Bitwarden.com. I only get the following interface:
PS: If you read my text there: to me it doesn’t seem to be a “Bitwarden exclusive” problem, because I have the same experience with eBay using KeePassXC as the passkey provider.
Is the passkey in question used for passwordless authentication, or as 2FA?
Ah - that’s probably it - I used WebAuthn to create a Bitwarden 2FA Passkey.
So perhaps in the future Bitwarden may need to support multiple Passkeys for different use cases for a single website. The current UI doesn’t distinguish what type of Passkey it is, hence I could not remember if it’s for login or 2FA.
@coolspot Sorry, but I’m very confused now. Are we talking about a passkey you saved in your Bitwarden vault for the Bitwarden vault? (like you can see the passkey in your “Bitwarden vault” item in Bitwarden?) → Because then it would be a “login”-passkey and not a 2FA passkey, right?
… or maybe…: Out of curiosity, I just tried to create a passkey via the Bitwarden browser extension (in my premium account) for my free test account. I couldn’t either create a 2FA passkey or login-passkey - in both cases the browser extension didn’t intercept the request. - Was it once possible (create and use) and now it’s “broken”?
PS: Obviously I couldn’t test now whether the login would have been possible with via the browser extension’s passkey…
Okay, I get it - it can be ignored… but I’m still confused where you stored that 2FA key in then?
Either way - your “user error” was quite interesting to me. Now I know, that the Bitwarden web vault ignores it’s own browser extension. (PS: to clarify that: at least in the sense, that the browser extension passkey-popup doesn’t show, when creating login-/2FA-passkeys from the web vault)
An example of two use cases would be using a passkey to login to (download) your vault and then using a passkey to decrypt the vault. In the first step, a passkey that supports (e.g.) user-presence attestation may be required; the second step does requires a passkey that supports the “PRN” capability. In this example, two passkeys would not necessarily be needed; instead one would more likely use a single passkey that supports both capabilities.
but I’m still confused where you stored that 2FA key in then
When I created a WebAuthn 2FA, my Bitwarden’s Chrome browser extension intercepted the request and created as a Passkey that was stored with my Bitwarden login entry. The passkey was not labelled as 2FA hence why I got confused.
On a subsequent log in to bitwarden.com, I tried using the 2FA Passkey and Bitwarden.com returned an error which led to my confusion.
Just a follow up to this - the Bitwarden extension does not seem to be intercepting the 2FA WebAuthN request consistently on bitwarden.com. Bitwarden sometimes pops up allowing me to select the key, othertimes does not - any ideas why?