Passkeys - can you turn off the master password verification for sites?

@bren1 Welcome to the forum!

Upgrade your browser extension to version 2024.7.0, and you should not be asked for passkey user verification anymore (at least for the time being).

By the way, this requirement had nothing to do with “best practices”, and everything to do with standards compliance and certification. Therefore, you can expect some form of user verification to be re-introduced in the future (albeit not in the form of a master password re-prompt).

2 Likes

Any eta on when 2024.7 is supposed to come out? I still have 2024.6.2 in edge and 2024.6.3 in firefox with no updates available

Yes please, this antifeature is so annoying that I changed my passphrase to a short word, which I’m sure is very much the exact opposite of increasing security.

Its release has not yet been announced. This link is a good place to keep an eye on what is coming out.

Lately, the dot-zero releases tend to come out mid-month, and if the particular piece involves a “vendor store”, that tends to add a few days because the various stores have approval processes that kick in after Bitwarden submits the release to them.

So, cutting off your nose to spite your face.

If you do elect to use a weak password, please do ensure that you have MFA enabled on your vault and that you have saved the recovery code onto your emergency sheet.

1 Like

Nope, cutting off my nose so I can breathe. It was either that, or use the TOTP codes instead of passkeys, because right now passkeys are unusable.

I use a PIN for unlocking (browser extension) - and therefore I get asked the PIN for passkey-user verification. I can use passkeys and are happy about that. For me, actually, it’s sad that it’s gone with the next release (at least for the time being - until an all-in-all better UV comes back, hopefully soon)

Oh, I can use a PIN for that? That’s fantastic tip, thanks!

1 Like

@13xforever Welcome to the forum!

Well this is an odd situation… Version 2024.7.0 was in fact released (which is why I recommended to upgrade), but as of yesterday, it seems that Bitwarden has pulled the release, reverting to version 2024.6.3/2024.6.4.

Not sure what’s going on — perhaps @cagonzalez can shed some light?

Hi all! The revert on user verification is merged and ready to release, we’re just waiting on some last minute bugs that need to be squashed before the release can go out. Thanks for your patience!

A bit more detail over on Reddit:

A mobile repository GitHub Release was created too soon and was removed. It’s going through a testing phase now and should be released next week

Looks like they got a few steps into the release cycle and reverted before completing the release.

Can you confirm that the 2024.7.0 client releases (e.g., for the browser extension) were in fact made public on GitHub for a short time and subsequently pulled? Would like to check that I haven’t lost my grip on reality! :sweat_smile:

I can at least confirm a release/release announcement for 2024.7.0 for web app, CLI and browser - and a “pre-release” for the desktop app (can see that in my emails as I subscribe the GitHub release notifications).

1 Like

I can confirm, yes. We know that some users get their builds directly from Github, and so to those users a new build showing up there == “released” but for Bitwarden’s purposes, it’s more so official submissions to app stores and a deployment of the cloud servers that qualifies something as released.

1 Like

Thanks for clarifying. How much of a lag is there typically between the posting of a build to the github.com/bitwarden/clients/releases page and the “official” release (assuming there is no need to pull the former), and is there a way for users to tell when a release is “official”?

Furthermore, can you confirm that what happened with 2024.7.0 was some kind of exception — i.e., that users should normally be able to assume that downloads from the github.com/bitwarden/clients/releases page are going to correspond to the final, stable release later made available through the app stores and Bitwarden’s Downloads page?

Typically, there is no lag. You can see more details about what happened in my post here, but suffice to say this was certainly an exceptional circumstance.

In the future, users should be able to assume that releases available from that url are stable releases that will be available through the app stores. In this instance, we failed to consider that there were users getting builds from that page pushed to them automatically through distribution channels that Bitwarden does not manage.

1 Like

My take is that it depends on what one is looking for.

The release notes in the Help Center are one of the last steps for a release, so them being published is the definitive record that a release has happened.

The Github release notes, on the other hand, are one of the earliest steps, so they are a good indicator that a release is starting.

I see it’s almost here, but not yet :wink:

@Micah_Edelblut In this comment chain on Reddit, you stated that the Help Center release notes are posted after a release has been “officially” released (e.g., pushed to app stores), yet there is no version 2024.7.1 of the Desktop app on Github yet (despite the fact that the desktop release has been mentioned in the version 2024.7.1 release notes in the Help Center). So now I am more confused than before… :confused:

Sure, I could have been more clear there:
The release of the Bitwarden cloud servers and web apps went out last night. With this, we published of the release notes. Typically, self-host release, client releases, and app-store submissions happen a day or two afterwards.

1 Like