Support more than 5 "login-with-passkey"-passkeys for the Bitwarden account / vault (FIDO2 passwordless login)

omniproc · January 14, 2024, 10:36am

As already discussed here there’s a need for users to have more than 5 physical keys added to their account. That previous topic was about supporting more than 5 keys for 2FA, this one is, as discussed in the previous topic, specifically about increasing that limit for passwordless login too.

This FR is to increase the number of passkeys that can be added. My suggestion would be at least 8 but more is probably better in this case.

th6mas · September 23, 2024, 6:41pm

I agree big time. Hopefully, an implementation will be swift.

Nail1684 · March 21, 2025, 12:12pm

Sidenote: I updated the title with the currently used terminology (before, the title was “Support more than 5 passkeys for passwordless login”).

Nail1684 · December 11, 2025, 6:52pm

Whoa… now we’re talking:

github.com/bitwarden/clients

PM-29652: Increase the limit of passkeys to 25

main ← anders/increase-passkey-limit

opened 06:14PM - 11 Dec 25 UTC

abergs

+51 -22

## 🎟️ Tracking https://bitwarden.atlassian.net/browse/PM-29652 ## 📔 Ob…jective This PR increases the limit of passkeys from 5 -> 25. When the UI has more than 10 passkeys, e.g. 12, it shows a button "Show more (2)". Related to/soft dependent on: https://github.com/bitwarden/server/pull/6725 ## 📸 Screenshots <img width="984" height="627" alt="image" src="https://github.com/user-attachments/assets/6c40d68f-9e4b-4018-a335-dcc21910664c" /> <img width="983" height="704" alt="image" src="https://github.com/user-attachments/assets/a908a8c1-f253-4fbe-8269-d9bef7b28eb9" /> ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Protected functional changes with optionality (feature flags) - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team ## 🦮 Reviewer guidelines - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes

github.com/bitwarden/server

PM-29652: Increase the limit of passkeys to 25

main ← anders/increase-passkey-limit

opened 06:09PM - 11 Dec 25 UTC

abergs

+1 -1

## 🎟️ Tracking https://bitwarden.atlassian.net/browse/PM-29652 ## 📔 Object…ive This PR bumps our passkey limit from 5 -> 25 for users. There was no specific reason 5 was picked, and with the upcoming Login in passkey features a higher number is more reasonable to avoid users running into the limit. Related to UI change: https://github.com/bitwarden/clients/pull/17931 ## 📸 Screenshots ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Protected functional changes with optionality (feature flags) - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team ## 🦮 Reviewer guidelines - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes

th6mas · December 11, 2025, 7:26pm

plus ditch all plans moving away from Bitwarden…

ip9 · May 10, 2026, 5:00pm

Description:
While there is a limit of 10 passkeys to be used as a 2nd factor, currently, the system limits the number of usable passkeys to 5 per account to logon and decrypt.

While this may cover basic use cases, it is insufficient for power users and professional environments that rely on a mix of ecosystem-based and physical security keys.

The Problem:
A standard modern setup quickly exhausts the current limit:

3 Platform Keys: Syncing across primary ecosystems (e.g., iCloud Keychain for iOS, Google Password Manager for Android, and Windows Hello).
2 Backup Keys: Standard security best practice involves at least two physical hardware keys kept in separate locations.

With 5 keys registered, the limit is reached. This leaves no room for additional (hardware) keys required for devices that do not support platform sync, such as Linux workstations or restricted corporate laptops.

Proposed Solution:
Increase the maximum number of allowed passkeys to 10 (or more) to be used for login and decryption. This would then match the number of keys currently usable as a 2nd factor.

Key Benefits:

Improved Accessibility: Users can authenticate on “non-standard” systems (Linux, work-managed devices) without deleting existing keys.
Enhanced Redundancy: Provides headroom for users to maintain multiple backup hardware keys.
Future-Proofing: Accounts for the growing trend of device-bound passkeys across various operating systems.

ip9

Nail1684 · May 10, 2026, 5:08pm

@ip9 Welcome to the forum!

I’ve merged your request with this existing one on the same topic.