Remove Phone as a WebAuthn Security Key

Hello,

without any active doing from my side suddenly when I am prompted in Chrome in Windows10 to confirm my U2F Security Key I am also presented with the option to confirm my identity with my (android) Phone.
When I check the 2 factor authentication page in my bitwarden account I can see a second entry under WebAuthn besides my U2F key, but this one is not removable.
I do not want the option to confirm my login with my phone, I want it to be strictly with the U2F key. I haven’t found anything yet how to get rid of the phone as an authentication mechanism, I only could backtrack it that it somehow seems to be related to google chrome and/or my google account.
Help is appreciated, thank you.

I hope it’s not super belated, but I’m seeing this as well. To be safe, I’d like to remove the WebAuthn entries. However, as mentioned above I don’t have a means of manually removing these ones.

It’s a new feature from Google (Chrome). If you’ve never added your phone to your Bitwarden account Webauthn 2FA, your phone couldn’t be used as 2FA device.

Hi.

I have exactly the same issue noticed today.

How do i remove it?

I also only want security keys to be added.

Should say I am using Brave browser so could be behind the Chrome implementation.

Thanks.

Rich.

Just to add.

I have today tried to uninstall the Bitwarden app off the phone and it still pings it from the web vault somehow!

Highly frustrating and cannot stop it?

My other account stored on a Huawei phone doesn’t do this?

I suggest everyone having this issue to go to their Google Account settings and check their GOOGLE options for MFA. Especially if they are on mobile, because I believe you gave Google Play Services permission to use your phone as a security key.

I became the owner of my first set of yubikeys yesterday and this was my first (and hopefully only) problem with them. They work as expected now. :grin:

2 Likes

I have just checked and it is shown as follows:

Only way to remove it there is sign out of the account by the looks?

How did you get around that stupid idea?

Thanks.