passkey support of Bitwarden seems around the corner.
I’m on Windows (and Android) and use Firefox, and obviously the Bitwarden Firefox extension then… I’m wondering how to deal with passkeys and Bitwarden as long as Firefox doesn’t fully support passkey usage. Maybe still a bit early to ask this question, but maybe someone from the Bitwarden team can shed a little bit of light on that?!
Thanks, and I’m really looking forward to the passkey feature!
PS: I know - Windows could be also an issue… but I’m on Windows 11 and I think the coming update (“Moments 4”) will further support passkeys, that is why I think, Firefox will be more of an issue here.
I just signed into my Google account with a passkey on Firefox (Win10) so support might not be as bad as you think.
I seem to recall having to register the passkey on Chrome however but that was a few months back.
… in general - if anyone does know it - it would be interesting to know, whether the passkey-function of Bitwarden depends on the passkey support of the browser and OS? Respective: in which regard it depends on the browser and OS, and what works even with (still) passkey-unsupported browsers/OS’ or what might not work then?
Are you talking about using the BW browser extension (?how to get passkeys to work in Firefox on Linux)?
I utilize the passkey support via BT browser extension on Linux all the time (well, at least for the few target sites that currently support passkeys). Granted I’m using Brave but I would expect the browser extension would work the same on Firefox. Perhaps not though.
Here too as has been mentioned already, it would be nice to know if passkey support requires support on the browser itself. Meaning, do those comments about Firefox relate to the password records on the Firefox browser itself/only, or does it also include extension behavior such as BW?
@bwuser10000 That remains a question for me as well. One thing I am certain of: since Firefox doesn’t support PRF yet, the “login with passkey” function of Bitwarden currently doesn’t work completely (the encryption/decryption part doesn’t work without PRF).
@bwuser10000 … And it’s even more confusing, because the OS seems to play a role in this as well - as you can see for example in the issue “Windows 10 and PRF” (the “login with passkey” function doesn’t seem to work then even when your browser supports PRF) or, as you and @bit mentioned, the situation with Linux… or the situation with Android (my current info - I hope it is not wrong: general passkeys support with Android 9 and above, but third party passkey storage only possible with Android 14 and above?!?)…
When you mention “the encryption/decryption part doesn’t work without PRF”, what functionality is then missing in that situation?
On Windows with Firefox, the BW browser extension acts like everything is working with passkeys with no indication that anything is amiss. And in that setup, passkeys successfully work to login to sites. But now I’m wondering what, if anything, isn’t technically working correctly, and the ramifications.
On Linux with Firefox, however, it’s another story. The BW browser extension doesn’t seem to support passkeys. Or maybe it’s a bug? It’s hard to know without accurate and thorough documentation.
You described here the use of your passkeys in your Bitwarden vault to login to other sites and that seems to work fine.
What wouldn’t work as far as I know while using Firefox (= PRF missing) in that moment: when you open Firefox and login to your Bitwarden web vault… and want to activate the “login with passkey” function… then you can setup a passkey there, but not “with encryption”. So you would have a passkey, e.g. on a YubiKey, and could login to your web vault, but because the encryption with this passkey is missing, you would have to enter your master password.
Would you do the same with a browser which supports PRF (Chrome, Brave, …), then the created passkey could be “with encryption” and then, when you login with this passkey to the web vault, you would have to enter only your PIN or biometrics.
PS: In this context “with encryption” means, as I understand it, that this passkey “with encryption” is able to encrypt/decrypt your vault - and that is why you don’t have to enter your master password then, because this passkey is able to do, what your master password did before (or still does).
This help site here Storing Passkeys | Bitwarden Help Center doesn’t mention the different OS… I would assume, the BW browser extension for Firefox (under Linux) also supports passkeys…
[BTW: are the browser extensions for a specific browser different for the different OS - or are they the same? I really don’t know… and didn’t know until now, that it didn’t know… ]
It would be interesting to know, if e.g. using Brave or Chrome delivers the same results for you - otherwise I would bet, as far as I know, the (main) problem here is Linux not supporting passkeys…
Thanks for the links. Determining if the content is current is always the big challenge.
This help site here Storing Passkeys | Bitwarden Help Center doesn’t mention the different OS… I would assume, the BW browser extension for Firefox (under Linux) also supports passkeys…
This makes me wonder if there is a bug in the BW browser extension, or elsewhere (or a configuration issue). The best way to get that answered may be for other users and the BW devs to chime in.
…are the browser extensions for a specific browser different for the different OS - or are they the same?
This is a good question, and the answer isn’t as obvious at it may appear. Typically, the extension will be the same, but the code path within the extension may be different. This is because an extension can tell on which OS it is running, and can branch to different code depending on the OS.
It would be interesting to know, if e.g. using Brave or Chrome delivers the same results for you - otherwise I would bet, as far as I know, the (main) problem here is Linux not supporting passkeys…
I consider myself very flexible, but I do have a simple rule that I don’t run any Google/Meta/Twitter/X executable code. So, unfortunately, I won’t be able to test those browsers myself. Such a test would yield useful results, however.
There’s also another possibility: that BW support for passkeys in Linux requires some configuration or dependency. I haven’t found any specific documentation on the topic, so hopefully other users or BW devs can provide feedback.
As the OP I can “reveal”, that some months ago I also switched from Firefox to Brave and couldn’t be happier. BTW: if there are so many questions about “Passkeys and Linux”, maybe you should open a separate thread to that so that others can more easily contribute their Linux-experience with passkeys.
Thanks for that information; it’s very helpful. I think that means Linux is not the limiting factor by itself.
You mentioned that you use passkeys “on the phone over Bluetooth and using the BW browser extension”. What do you mean by “on the phone over Bluetooth”? Do you mean to login to sites in a browser on a mobile (Apple, Android, etc.) device connected via Bluetooth?