I’m using the latest version of Vivaldi (7.0.3495.26) with the extension enabled, and the Windows 10 Hello passkeys (TPM 2.0).
I successfully created a passkey to log into the Bitwarden webvault, although it did give me warning “encryption not enabled”. After I then tried to use that passkey to login, I get an error:
“An error occured: Invalid passkey. Try again”
What could be going on here?
@Skysoblue Welcome to the forum!
To paraphrase the Help Center documentation, Both your browser and authenticator (e.g. Yubikey, Windows Hello, etc.) must be PRF-capable in order to support using the passkey for vault encryption and decryption.
Vivaldi is Chromium-based, so it should be PRF-capable, but Windows Hello is not PRF-capable; in addition, Windows 10 is known to have issues with PRF-capable passkeys.
Not sure why you cannot use the Windows Hello passkey for authentication without encryption, though. Are you clicking the Login with Passkey link on the Web Vault login form when this error is occurring?
Hey grb, thank you so much.
I was not aware of the limitations imposed by Windows 10, I thought that since I was able to create a passkey, it was working correctly. I’m now also seeing a bunch of requests from users asking Windows to support PRF, so I guess the only option would be to upgrade to Windows 11, or hope they’ll fix it in Windows 10 soon.
Yes, I’m trying to log into the web vault with “login with passkey”.
I have not heard that Windows Hello is not expected to work at least for the authentication part of such a login on Windows 10 (although you would still have to type in your master password to unlock/decrypt the vault). You might consider contacting support for help investigating this issue.
To take that up again… okay, like @grb also cleared up - that the encryption is not enabled is due to Windows 10 and Windows Hello… but indeed, you should be able to use the passkey without encryption.
From my own experience, first thing I would guess is, that the passkey maybe didn’t land in Windows Hello but somewhere else. Windows Security coming up and asking a few times where to store it, can easily go the wrong route…
I don’t have Fingerprint or Face recognition on my desktop - and I remember from a few months ago, I had to choose more than one time just PIN (because Windows Hello is set up with a PIN for me then)…