✅ Store WebAuthn / FIDO2 Credentials in Bitwarden (Passkey support)

hajekj · October 31, 2023, 4:12pm

I would say very little, since they are already tagging the releases for October… Bumped version to 2023.10.0 (#3396) · bitwarden/server@1800e6f · GitHub

DoctorB · October 31, 2023, 4:52pm

Yes you’re right. I was begining to think there was some fundamental holdup around exporting passkeys but it seems the go ahead is imminent

Paapaa · November 1, 2023, 9:42am

But that is the server side. Having the suppor on server side does not necessarily imply the clients also support Passkeys. So that is why I asked. Any info on this? Is the support really ready for usage?

go12 · November 1, 2023, 1:39pm

Hi @Paapaa, Clients will be rolling out following the release last night. You might want to sign up for the Bitwarden and Passkeys event Nov 9 Bitwarden Events | Bitwarden

hajekj · November 1, 2023, 6:18pm

Well, here we go! Awesome job Bitwarden team!

Paapaa · November 1, 2023, 9:53pm

Did I understand correctly that only the browser extension will get the Passkey-support. Not the mobile app? How does one login using Passkeys on mobile?

Nail1684 · November 1, 2023, 10:46pm

@Paapaa :

Release Notes for the mobile app:

Link:

Nail1684 · November 1, 2023, 11:36pm

@Paapaa :

So the mobile apps get passkey functions… But: I just saw on the new help page for “storing passkeys” (Storing Passkeys | Bitwarden Help Center) in the “how to log in with passkeys in Bitwarden”-section, that there is indeed only the browser extension mentioned:

“… After selecting the passkey login option on a website, your system will prompt for passkey login. While Bitwarden is enabled, the Bitwarden browser extension will provide an option to login using the passkey stored in your Bitwarden vault. …”

I mean, we will see it soon and I can’t imagine, that no one has thought of the login function for the mobile apps, but it is not clear to me either at this moment.

go12 · November 2, 2023, 12:56am

Hi @Paapaa Passkeys are rolling out first to the browser extensions. Mobile will come in a future release. There is a Bitwarden and Passkeys event on Nov 9 that you may want to attend Bitwarden and Passkeys | November 9 | Bitwarden

Bal · November 2, 2023, 1:55am

How to disable passkey prompt ? because I dont want bitwarden to be my passkey, (somehow i feel it defeat the whole purpose of passkeys),

moreover, the passkeys prompt/popup is also a bit annoying that it pop on every login even on the site that doesn’t support passkeys, or more like even on the site that i dont save passkey on, I think the passkey prompt should match the credential it saved on. This make all sites that I have physical 2fa login will be prompted on passkeys.

I can’t find the options to “disable passkeys prompt” like on saving/updating password.

Warden2 · November 2, 2023, 7:03am

When will the browser extensions be released? Anxiously waiting

DoctorB · November 2, 2023, 11:28am

Which browser?
Edge was out yesterday. It normally takes a couple of days for Chrome and up to 2 weeks for FF.

grb · November 2, 2023, 3:26pm

I got the Chrome 2023.10.0 extension today. I don’t see any evidence of passkey support, though (but I admit I haven’t read the documentation to find out how passkeys would manifest in the browser extension).

DoctorB · November 2, 2023, 3:28pm

The passkey support is there in Chrome in 2023.10.0
I used it a few hours earlier. Created passkeys for Google and also used them to log in.
Also Brave browser.
However while it worked on my desktop it didn’t on my Surface laptop so expect 2023.10.1 soon

grb · November 2, 2023, 3:32pm

I guess the passkey support is transparent to the user unless you actively add a passkey (which I have not attempted). If you just open an existing login item for editing, there is no “passkey” field visible; also, there are no additional options under “Settings” that pertain to passkeys.

Handwrite8268 · November 2, 2023, 4:44pm

I already added 30 passkeys and it works pretty well on many sites like Mastodon, Adobe, Duo Security, GitHub, Microsoft, Proton,…
However, I have 2 issues:

On Google it is not recognizing them on login, so I can’t use them for google currently (I can register them, but upon login, it is showing “no passkeys for this application”)
On Amazon we can not register multiple ones for each Amazon domains without overwriting the existing one. We have to duplicate the vault entry for each Top Level Domain of Amazon, which will trigger a duplicate password alert later in the account reports (I’m using amazon.fr, amazon.de, amazon.com, amazon.com.be for example, and each one needs its own passkey as it’s the way passkeys are made to prevent phishing attacks)

Handwrite8268 · November 2, 2023, 4:50pm

You’re right you need to add a first one and you will see it right after

DoctorB · November 2, 2023, 6:25pm

Same here on Windows, but it does work with Google on my Mac and Raspberry PI !

If you go into Passkeys (in google manage account) and click “give it a try” button then it works OK but not if you actually login with Chrome on Windows.

Chrome / Windows

nothanco · November 2, 2023, 7:18pm

I haven’t thought about this. It’s an important issue and I imagine that this will be a problem on any site that uses more than one domain. I hope that in the future, it will be possible to add more than one passkey to a single vault item.

grb · November 2, 2023, 8:21pm

Would make for a good feature request.