I use my Passkey for passwordless login with Google on Firefox just fine.
That is irrelevant, because your Google passkey does not do any encryption/decryption, and therefore does not require PRF support.
Yes, it is used by Bitwarden, if you enable it when you register the passkey. Which is only possible if you use a PRF-capable browser. Conversely, if you don’t enable encryption for your passkey, or if you use a non-Chromium browser (i.e., a browser that does not support PRF, and therefore is incapable of enabling encryption), then the encryption is instead done using your master password — which is why you are asked to enter your master password when logging in with a passkey that does not have encryption enabled.
The following links may shed further light on how passkeys work in Bitwarden:
1 Like
Do you mean signin to web vault?
If so which browser and OS are you using?
@DoctorB They are using FireFox for passkey login into the Bitwarden Web Vault. I have tried to explain why this can’t be done without entering the master password.
If @packetauditor is using Firefox and he wants to see passkey login in it’s full glory (login with encryption and no master password), then I suggest he tries Chrome or Brave .
However, if they are using Windows 10 then no browser will support encryption on Windows 10 in my experience, even those that work on Win 11.
1 Like
I have a question, I’ve been using BW for some time now and I wanted to try this Passkey option. How ever, after I create the passkey (in Brave on Win11) no mater what I do it shows “Encryption not supported” and I’m required to enter my master password? Am I missing something or am I not understanding how it works.
I tried this on my iPhone 12 Safari browser and the same thing happens
??
@Walter Welcome to the forum!
Where are you storing the passkey? In addition to using a PRF-capable browser to mediate the communication between your passkey and the Bitwarden Web Vault, the platform where your passkey is stored must be compatible with encryption-enabled passkeys. This is not always the case (in fact, even the passkeys stored in a Bitwarden vault are not encryption-capable!).
I think you will need to be using a USB security key for the passkey to get encryption support.
I mention this because you don’t say and it matters for encryption support.
I know from my own experience that both Yubikey 5 and Nitrokey 3 both work OK and anything else I try doesn’t work today (may change in future).
Thanks for the info, maybe in the future we can all use this feature without a costly add on device. Nothing against USB key guys, they have a place where the threat level justifies the cost. But they haven’t meet my “WIFE”…
Thanks again…
Tracking issue for WebAuthn PRF support in Firefox: 1863819 - Support WebAuthn PRF extension
Add yourself to the cc list on that bug if you want to be notified when PRF support is implemented in Firefox.
2 Likes