Passkeys - Spec-Compliance ?!

I just was made aware of this link: Known Issues | and wanted to share it here. Bitwarden and some other password managers are listed here and most seem to not handle the “User Verification” spec-compliant yet. I guess, one part of this is, that our passkeys in Bitwarden can’t be “protected” or verified in a use-case with a PIN/biometrics or else, right?

By the way - on this website, in the menu on the left, there is also some info about different OS and their implementations of passkeys. Might be interesting also, for some folk… :slightly_smiling_face:

(I chose “app:all” as a tag in the hope, that some day, the passkey support will be available everywere - of course, as in the mentioned link, at the moment it regards only the browser extensions)

PS: From the “About” section of “ is brought to you by the W3C WebAuthn Community Adoption Group and members of the FIDO Alliance.”

1 Like

Weirdly, the whole “Docs” section of that website does not load for me. Everything to the right of the left-hand nav menu is blank, no matter what I click on. Tested it in Chrome, Edge, and Firefox.

Although it seems reasonable to presume that such verification would occur at time-of-use, the spec does not call out when the verification must occur.

Bitwarden does verify the user at the time the vault was unlocked. By the letter-of-the-law they are compliant, but by the spirit-of-the-law they may not be.

Switching to widescreen instead of portrait did it for me.

Thank you, fellow portrait mode user! Your comment gave me the idea to change the Zoom level, and the content appeared when the Zoom was reduced to 80%.