search

bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com
Other
8.98k stars 1.18k forks source link

Desktop app doesn't reliably show "Unlock with Windows Hello" option #3817

Open ejain opened 1 year ago

ejain commented 1 year ago

Steps To Reproduce

  1. Have one or more accounts set up with "Unlock with Windows Hello" enabled.
  2. Happily use Windows Hello to unlock your accounts, until one day...

Expected Result

The "Unlock with Windows Hello" button on the "Your vault is locked" screen is shown for every account that has "Unlock with Windows Hello" enabled,

Actual Result

The "Unlock with Windows Hello" button on the "Your vault is locked" screen may or may not be shown for one or more of the accounts, in which case the account has to be unlocked by entering its master password. Having entered the master password, unlocking with Windows Hello usually works again, until it doesn't...

It's also worth noting that the behavior of the Bitwarden browser extension in this situation is a bit strange:

  1. Click "Unlock with biometrics" in the browser extension.
  2. Windows Hello prompts for and accepts the fingerprint.
  3. The browser extension doesn't register anything, no error, and I can keep clicking "Unlock with biometrics" and scanning my fingerprint all day long. I need to either enter the master password in the browser extension, or open the desktop app and enter the master password there to resolve the situation.

Screenshots or Videos

No response

Additional Context

This has been an issue going back many versions. I have done multiple clean installs after each new version, no luck.

I have also noticed the same issue on a separate macOS installation, but it's not quite as frequent there.

Operating System

Windows

Operating System Version

Windows 11 Pro (10.0.22000)

Installation method

Direct Download (from bitwarden.com)

Build Version

2022.10.0

Issue Tracking Info

ejain commented 1 year ago

I figured out a way to reproduce this issue:

  1. Sign in to two accounts ("A" and "B") in the desktop app
  2. Enable "Unlock with Hello" and "Ask for Windows Hello on launch" for both accounts
  3. Sign in to account B on the Chrome extension
  4. Enable "Unlock with biometrics" and "Ask for biometrics on launch" in the Chrome extension
  5. Lock all vaults in the desktop app and in the Chrome extension
  6. Select account A in the desktop app (but don't unlock)
  7. Attempt to unlock the Chrome extension

-> Windows Hello prompts for the fingerprint, accepts it, but the Chrome extension doesn't unlock. Meanwhile, in the desktop app, the "Unlock with Windows Hello" option disappears for account B! If in step 6 I make sure that account B is selected in the desktop app before attempting to unlock the Chrome extension, everything works as expected.

ejain commented 1 year ago

Still reproducible with 2023.1.1

ejain commented 1 year ago

Still reproducible with 2023.2.0

ejain commented 1 year ago

Still reproducible with 2023.4.0

TroyBW commented 1 year ago

Hi there,

I attempted to reproduce your issue and was unable to do so. If you are still experiencing this behavior in version 2023.7.0 (or later), in the Bitwarden desktop application settings, there is now an option to "Ask for Windows Hello on app start" OR "Require password or PIN on app start." Please double-check that you have the appropriate setting enabled.

If your issue persists, please write us back using our contact form, so we can continue troubleshooting: https://bitwarden.com/contact/

You can include a link to this issue in the message content. The issue here will be closed.

Thanks!

ejain commented 1 year ago

It's still 100% reproducible for me with 2023.7.1 (desktop) and 2023.7.0 (browser extension) using the exact steps described above. I have "Ask for Windows Hello on app start" enabled. Note that you need to have multiple accounts set up to unlock with Windows Hello, all accounts must be locked, and only then do you trigger an unlock from the browser extension for an account that is not currently selected in the desktop app. Instead of unlocking, the option to sign in with Windows Hello is disabled, and you have to sign in with the master password once before being able to use Windows Hello for that account again.

bobvandevijver commented 11 months ago

Seems the latest version behaves even worse (2023.9.1), it now also looses the Windows Hello button seemingly randomly.

ejain commented 10 months ago

Still reproducible with 2023.10.1

ejain commented 9 months ago

Still reproducible with 2023.12.0.

BJReplay commented 6 months ago

Still reproducible with 2024.2.0