I created a passkey in ProtonPass to secure my login to vault.bitwarden.com and I enforced it as a second factor for authentication. However, when I try to log in with a passkey it says:
Authentication failure: ResolveChallengeError(“Error authenticating: AuthenticatorError(2)”)
And when I try to log in with my master password + passkey, it doesn’t even ask for my ProtonPass passkey, it just pops up with a Windows dialog box asking for a passkey.
Did my passkey get corrupted somehow? Or does BitWarden not support ProtonPass’ version of passkey?
@pb.ljta9 Welcome to the forum!
… what do you exactly mean by “and I enforced it as a second factor for authentication”? – Did you follow the procedure described here: Passkey Two-Step Login | Bitwarden or did you do something else?
As this part involves using ProtonPass to use your – hopefully correctly stored in Proton Pass – Bitwarden-2FA-passkey, you’d have to seek help from the ProtonPass community or support. (well, or wait if someone here can help with that… I have no experience with ProtonPass)
Honestly, at first I would think of if it was correctly stored in ProtonPass. I’m also on Windows and these dialog boxes can be confusing – so, is there e.g. a chance your 2FA-passkey was stored somewhere else? (like in Windows Hello?)
I think the question should be the other way round: Can ProtonPass store a Bitwarden 2FA-passkey? – And again, you probably have to ask ProtonPass (community/support) this question.
PS:
You’d also have to ask ProtonPass how to use a passkey from their vault. (I don’t even know if they also have a browser extension or whatever… – and if you both had a BW and ProtonPass browser extension, you’d also have to make sure that there are no conflicts between both extensions on vault.bitwarden.com. It probably would make sense, to add vault.bitwarden.com as an excluded domain (Settings → Notification → Excluded domains) in your BW browser extension then, when you want to use the 2FA-passkey via Proton.)
I followed the same steps as any other passkey setup I’ve done. I added the key and protonpass popped up asking to add the passkey, which I accepted and it stored the passkey. I then enforced two-factor auth, but due to the incompatibility, I locked myself out. It’s not a huge issue since I can get my secrets another way. I was just making sure I knew the cause, which you have noted, so thank you.
1 Like
Nonetheless, for the next time you experiment with 2FA for Bitwarden:
-
make sure to always write down your 2FA recovery code on your emergency sheets (with the 2FA recovery code you can deactivate 2FA for your BW account to be able to login when you loose access to your regular 2FA options)
-
yeah, and maybe activate at least one other “safe” 2FA option as a backup