bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com

Passkey login request not intercepted by Bitwarden on ebay.com #7785

Open kriswilk opened 9 months ago

kriswilk commented 9 months ago

Steps To Reproduce

  1. Store a passkey for ebay.com in Bitwarden.
  2. Verify that the passkey is stored by reviewing the vault.
  3. In an incognito window, visit ebay.com.
  4. Open the sign-in page and click in the username field.
  5. Click "Use a passkey".

Expected Result

Bitwarden popup should appear offering to supply the stored passkey.

Actual Result

Windows Hello default security prompt appears.

Screenshots or Videos

Passkey stored successfully in associated vault item: [screenshot]

Browser prompt offering to use a passkey: [screenshot]

Result of clicking the prompt: [screenshot]

Additional Context

This issue is virtually identical to #7456, which was closed and then reopened because it wasn't fixed.

For the record, passkeys for other sites work absolutely fine (GitHub, Google, etc.).

Operating System

Windows

Operating System Version

10 and 11, both with latest updates.

Web Browser

Chrome

Browser Version

121.0.6167.140

Build Version

2024.1.1

Greenderella commented 9 months ago

Hi there,

Thank you for your report!

I was able to reproduce this issue, and I have flagged this to our engineering team.

If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time - our engineering team will be happy to review these.

Thanks once again!

simonefiorini01 commented 7 months ago

Hello to all, I'm facing the same issue on the website ebay.it.

Other sites work correctly.

Any update regarding the issue?

Thank you!

RoFrie commented 7 months ago

Any updates would be very interesting.

pamperer562580892423 commented 7 months ago

Hi!

I can add my own experience with this, already from around three weeks ago (= around March 20): I have more or less the exact same problem with the passkeys I created on ebay.de.

I could create the passkeys in Bitwarden for ebay.de, and could use them only once, directly after creating them. (!)

But in the normal login process after that, I could never use them again.

BTW, when I write "them": a family member of mine uses KeePassXC (since version 2.7.7 they support passkeys) and created a passkey on ebay.de as well, but had the exact same problem again. So it doesn't seem to be a Bitwarden problem alone.

I use the Brave browser on Windows 11, and I delete cookies and website data when closing the browser. I speculated that maybe cookie data or something else from ebay.de would save the info that I have a passkey, and by deleting the cookies they don't recognise that?

Either way, because it is the same for me on Bitwarden and KeePassXC, I speculated further that it is maybe more a problem of the eBay website itself, that it somehow directs the passkey request directly to Windows Hello and third-party password managers are not able to get this request at all? Or maybe the process of "intercepting" passkey requests can be improved by Bitwarden (and KeePassXC)?

Would be interesting to know what it is, because I reckon eBay is not the last site where things like that will happen with passkeys...

oeloo commented 6 months ago

I have the same issue on ebay.fr; I cannot use my passkey from Bitwarden for eBay: it tries to request Windows Hello instead. [screenshot] Is there a way to force eBay to request the Bitwarden passkey, using for example a userscript set to the ebay domain?

d33pjs commented 6 months ago

I'm not sure why not one dev is looking at this or has replied to at least one of the multiple issues about this on GitHub. Passkeys are an important thing for security in the future and this feature has just been broken for months. We don't know what the problem is or when we could have a fix for it. That means using passkeys with Bitwarden is just not reliable at the moment. And that's incredibly annoying. Especially if you use a passkey as mandatory 2FA: sometimes (as someone already mentioned) creating and the first login work fine, but all logins after that don't. This is critical and can lock you out of a service! I'm a big fan of Bitwarden, but the way Bitwarden deals with all the passkey problems really makes me lose trust in this project.

pamperer562580892423 commented 6 months ago

@d33pjs On the one hand, I totally agree... But on the other hand, the same problem happens to me when using KeePassXC, and I think it is at least also a problem of the websites themselves (directing the passkey request directly to the OS and maybe not allowing it to be intercepted by third-party password managers?), so we should make eBay etc. aware of that problem as well, I think. Maybe they are not implementing passkeys in a "standard-conforming" enough way and are too restrictive with third-party password managers?!

pamperer562580892423 commented 6 months ago

@d33pjs And just another thought comes to my mind: why doesn't my OS (in my case Windows 11) allow redirecting the passkey request from eBay etc. to third-party password managers like Bitwarden, KeePassXC etc.? Maybe the OSs also have to change something here in the long run...

d33pjs commented 6 months ago

@pamperer562580892423 You're right. Maybe this isn't a problem of Bitwarden. On the other hand, I think some of the Bitwarden devs are already aware of what the problem is exactly and they just don't tell us. It feels like they left us alone (in the rain) with the problem and don't care. I mean, aren't they using passkeys themselves and running into the same problems as we do? Even that would be a nice hint somehow?!

Sorry, I didn't explain well enough what I'm expecting from Bitwarden in my last message: of course, if they can't fix it because web devs (of eBay and a couple of other websites/services like Nextcloud) didn't implement passkey support "the right way", I would be very happy to at least get that information. Maybe so I/we as a community can get in touch with the right parties somehow (eBay support, Nextcloud community...).

But at the moment I don't even know how to debug the problem. And if a Bitwarden dev would finally take care and tell us/me what to do, or what/how to debug, or how we could help Bitwarden find a solution, I would do it. Because I really want to move to passkeys with Bitwarden.

And yes, maybe there is a problem with the OS too (but I'm experiencing the same behavior on macOS as well as on Linux (Ubuntu, Elementary and Kali) and Windows).

Liassica commented 5 months ago

I have this issue whenever I use the "Use a passkey" prompt shown by Chromium. E.g. with GitHub, the browser prompt (red) results in this behavior, whereas using the button from the site (green) works as expected. [screenshot]

For sites with a dedicated "Sign in with passkey" button like GitHub this is not much of an issue, but for sites that don't (e.g. Roblox) it's an annoyance because it means I essentially can't use passkeys for those sites.

My browser is Ungoogled Chromium 125.0.6422.60 and my extension version is 2024.5.0.
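
The two paths Liassica describes map onto two different WebAuthn calls: a site-rendered "Sign in with passkey" button issues a modal `navigator.credentials.get()`, while the browser's "Use a passkey" autofill entry is Chromium's conditional-mediation UI, shown because the page called `navigator.credentials.get({ mediation: "conditional", ... })` when the sign-in form loaded. The block below is an added example, not Bitwarden's code and not anything posted in this issue: a page-context shim of the kind a password-manager extension can inject to interpose on those calls, with the conditional case made an explicit decision rather than a silent pass-through. It assumes the extension works by wrapping `navigator.credentials` from a script injected into the page (my understanding of the approach, not verified against the repository); `installWebAuthnShim`, `classifyGetRequest`, the `vault` hooks and the fake navigator are all constructed for the illustration. It also bears on oeloo's earlier userscript question only to this extent: a script that runs before the page's own scripts can see and redirect the conditional call, but nothing in the page can alter the browser's own prompt once the native call has gone through.

```javascript
// Added example (not Bitwarden's code): a page-context shim that interposes on
// WebAuthn calls and routes them either to a password-manager vault or to the
// browser's native implementation. The conditional-mediation branch is the
// case behind Chromium's "Use a passkey" autofill entry. All hook names and the
// fake navigator/vault below are constructed for this illustration.

// Classify a navigator.credentials.get() request. When the relying party omits
// rpId, WebAuthn defaults it to the caller's effective domain (here pageHost).
function classifyGetRequest(options, pageHost) {
  const pk = options && options.publicKey;
  if (!pk) return { kind: "non-webauthn" };          // e.g. a PasswordCredential request
  return {
    kind: "webauthn",
    rpId: pk.rpId || pageHost,
    mediation: options.mediation || "optional",     // "conditional" = browser autofill UI
  };
}

// Wrap credentials.get/create on a navigator-like object. Returns the native
// functions so the caller can restore them.
function installWebAuthnShim(nav, vault, pageHost, { handleConditional = false } = {}) {
  const native = {
    get: nav.credentials.get.bind(nav.credentials),
    create: nav.credentials.create.bind(nav.credentials),
  };

  nav.credentials.get = async function (options) {
    const req = classifyGetRequest(options, pageHost);
    if (req.kind !== "webauthn") return native.get(options);
    // Sites fire the conditional request on page load and the browser then owns
    // the autofill prompt. If the shim does not opt in, the request passes
    // through untouched, so the platform authenticator (e.g. Windows Hello) answers.
    if (req.mediation === "conditional" && !handleConditional) return native.get(options);
    // Fall through to the platform authenticator when the vault has nothing for this RP.
    if (!vault.hasCredentialFor(req.rpId)) return native.get(options);
    return vault.assert(req.rpId, options.publicKey);
  };

  nav.credentials.create = async function (options) {
    const pk = options && options.publicKey;
    if (!pk || !pk.rp) return native.create(options);
    return vault.register(pk.rp.id || pageHost, pk);
  };

  return native;
}

// Constructed stand-ins so the shim can be exercised offline in Node.
function makeFakeNavigator(log) {
  return {
    credentials: {
      async get() { log.push("native:get"); return { source: "platform" }; },
      async create() { log.push("native:create"); return { source: "platform" }; },
    },
  };
}

function makeFakeVault(rpIds, log) {
  const known = new Set(rpIds);
  return {
    hasCredentialFor: (rpId) => known.has(rpId),
    async assert(rpId) { log.push("vault:assert:" + rpId); return { source: "vault", rpId }; },
    async register(rpId) { known.add(rpId); log.push("vault:register:" + rpId); return { source: "vault", rpId }; },
  };
}

// The thread's scenario on ebay.com: one modal request (a site-rendered sign-in
// button, as on GitHub) and one conditional request (the browser's autofill entry).
async function runScenario(handleConditional) {
  const log = [];
  const nav = makeFakeNavigator(log);
  const vault = makeFakeVault(["ebay.com"], log);
  installWebAuthnShim(nav, vault, "ebay.com", { handleConditional });
  const challenge = new Uint8Array(32);                // constructed placeholder, not a real challenge
  const modal = await nav.credentials.get({ publicKey: { challenge, rpId: "ebay.com" } });
  const conditional = await nav.credentials.get({ mediation: "conditional", publicKey: { challenge } });
  return { modal: modal.source, conditional: conditional.source, log };
}
```

With `handleConditional` left at `false`, `runScenario` returns `modal: "vault"` and `conditional: "platform"`, which is exactly the split reported in this thread; with it set to `true` both requests are answered by the vault. The practical caveat is ordering: the shim only helps if it is installed before the site's own script issues the conditional call, which on real pages happens very early in page load.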

pamperer562580892423 commented 5 months ago

@Liassica Yes, same with the "Use a passkey" browser prompt. BTW: thanks to you I now know that this is the browser... so it seems not only the OS prompts (like Windows Hello) but also the Chromium browser prompts don't "lead" to third-party passkey usage...

lakeland1990 commented 5 months ago

In fact, the website of Bitwarden itself has this problem too.

oeloo commented 4 months ago

For sites with a dedicated "Sign in with passkey" button like GitHub this is not much of an issue, but for sites that don't (e.g. Roblox) it's an annoyance because it means I essentially can't use passkeys for those sites.

I agree it is annoying. Is there a way to disable the "Use a passkey" prompt in Chrome for some websites specifically (like github.com, ebay.com)? [screenshot]

Liassica commented 4 months ago

@oeloo

Is there a way to disable the prompt "Use a passkey" in Chrome for some websites specifically (like github.com, ebay.com)?

Not to my knowledge. There are no settings or flags related to passkeys, and the only enterprise policy related to passkeys is for macOS and unrelated to the prompt itself. Since it's a browser element and not a web page element, you also couldn't use a content blocker like uBlock Origin to hide it.

oeloo commented 4 months ago

It cannot be removed with either a Chrome setting or uBlock Origin 😕. It is a pain because it even shows up in front of the BW login drop-down list.