IINM, the browser (and operating system) have to support the PRF extension. And the security key has to support the HMAC-SECRET FIDO2 extension.
This is so that the security key can be used for vault encryption/decryption.
If the security key, for example, does not support hmac-secret extension, then it will be usable to authenticate you, but you will need to enter the master password to decrypt the vault (which makes that passwordless login kinda pointless).
@triceps-tamale Were you able to create a Bitwarden-passkey without encryption?
From what I see, it is said this K9 key can only be used for 2FA/MFA… I don’t read anything about the ability to saving passkeys. So my first bet would be, that that key can’t save any passkeys.
The only source I can find for that claim regarding the Feitian K9 is in their product description on Amazon — hardly an authoritative source.
Meanwhile, the Yubico Security Key NFC series can hold up to 100 resident (discoverable) credentials with Firmware version 5.7 and higher, or up to 25 discoverable credentials with Firmware versions 5.0–5.6 (source).
I did not get to that stage as the error message I get is the first step when I plug it in, before you get to the point where you have the checkbox to enable / disable encryption
I thought this is optional, so what you’re saying is that it’s a must. But that option appears as a checkbox that I assumed can be turned off. In any case, the error message I received was before I even got to the point where I could toggle the encryption / decryption
So then I can only repeat myself… This seems to not fail on the encryption-part (it never get’s to the part where PRF would come into play) - but I still guess, the stick isn’t able to store discoverable credentials (aka passkeys) ?!
No, no, it’s optional. I think @kpiris just wanted to emphasize, that it doesn’t make too much sense to have such a Bitwarden-login-passkey without encryption, as you still have to enter the master password then.
One general thing one could also check: are all relevant protocols/interfaces activated? I think, by default, they should be…
Though I don’t know if you can configure that at all with that FEITIAN key. - With a YubiKey, you can deactivate the FIDO/FIDO2 interfaces, and then you probably would get a similar error message, because it wouldn’t be possible to store discoverable credentials on that YubiKey, until the FIDO/FIDO2 interfaces get activated again.
It seems that your security key does not support discoverable credentials (that’s the type of credential stored in the key for passwordless login to bitwarden -and other sites too-).
Also: security keys have a limited number of slots to store that kind of discoverable credentials, it could be that your security key supports them but has no available slots (although I doubt that).
Did you try Passkey on a different site like GMail?
I had similar problems with Feitian K27 in Bitwarden website but in Google website does work fine as (both) Passkey and 2FA.