Passkey not unlocking vault, need to enter password anyway

Hi everyone,

I have successfully created and stored a passkey using the iCloud Keychain option.
However when I try to log in with it (i.e. using biometrics on MacOS or iOS), I get redirected to a page saying that my vault is locked and I need to enter the master password to unlock it.

Is this normal behavior because encryption is not supported? Is it something related to a custom setting I may have on my side creating a conflict?
I do not see much sense in using a passkey if I have to unlock the vault anyway inserting my master password.

Thank you!

@giacospace Welcome to the forum!

You don’t disclose what browser you are using for your login attempts, but if it is not a Chromium browser, then you will need to supply the master password (because non-Chromium browsers are not PRF-capable, and therefore do not support encryption/decryption using passkeys).

In addition to what @grb mentioned, it’s worth noting that your authenticator (where you store the passkey) needs to support PRF in order to use the feature to unlock your vault without the need to enter your master password. You mentioned iCloud keychain, which I don’t believe supports PRF at this time.

Speaking of which, when will Bitwarden add PRF support to passkeys stored in the vault?

It’s on our roadmap, but the priority right now is delivering passkeys on mobile. :slightly_smiling_face:

Thanks! I’m actually using Brave but experiencing the same behavior regardless if macOS or iOS version

If I understand it correctly the iCloud Keychain could be the issue here. Honestly then, not sure why offer it as an option in the first place if it’s not working as intended. I’d assume many Apple users have used Apple iCloud Keychain for passkeys (I used it myself for GitHub or PayPal or Google while waiting for Bitwarden).
Appreciate your hard work on the project nevertheless! Keep it up!

Thanks for taking a look at the feature and providing feedback!

1 Like