Passkey User Verification Independent of Vault Unlock Method

Well this turned out to be very off-topic…

@kpiris @bwuser10000 @DenBesten @Nail1684 Please not that this feature request takes it as a given that Bitwarden will require User Verification for each Relying Party that requires it, at the time of authentication. I am only proposing that Bitwarden make the User Verification method distinct from the vault unlock method.

If one or more of you want to make a new feature request, to propose that Bitwarden revert to returning UserVerified = True whenever the vault is unlocked, please go ahead. There are clearly arguments both for and against such behavior, but such discussions are not relevant to the current thread.

If there are any further comments about whether Bitwarden should be performing User Verification after unlocking, I will move them either into either @bwuser10000’s recent discussion thread “Passkeys - can you turn off the master password verification for sites?”, or into any new feature request thread that materializes for this alternative proposal.

3 Likes