top | item 39732703

(no title)

dyml | 1 year ago

You can use any passkey provider app. I work at Bitwarden and we’re building mobile passkeys for android right now. We can do the e2e sync, but if you want you can always self host Bitwarden server and just use our clients app.

discuss

stavros|1 year ago

The BitWarden passkey dialog irks me because it makes me click the passkey I want, even if I have exactly one. It would be better to have a feature where I could specify "always use this passkey and don't prompt", since that's what I need 99% of the time.

lxgr|1 year ago

This has been annoying me as well: WebAuthN even provides metadata that lets authenticators know which credentials they're willing to accept, so at least in that case (usually the flows where you have to enter a username), auto-selection should be possible.

With discoverable credentials (which Passkeys by definition are), i.e. the flows where you don't even enter a username and the website learns it from the selected passkey, I don't think there's a way around a key selection process, but the UI can definitely be improved to distinguish the two.

Maybe something like "website XYZ is trying to verify your account 'username' – is that ok?" vs. "website XYZ wants to authenticate you – which passkey do you want to present to them (if any)"?

dyml|1 year ago

Good feedback, thanks! will bring it up when I’m back at work

josteink|1 year ago

This is such a big small thing.

Patiently waiting for passkey support on Bitwarden iOS to replace all my passwords everywhere.

Do you guys have any rough idea how far away you are from launch? Is it weeks? Months? Quarters?

lxgr|1 year ago

I'm already seeing Bitwarden as an option for Passkey authentication on iOS! Apparently the app already exposes itself to iOS as a WebAuthN backend (or the API is the same as that used for password managers).

Unfortunately that API doesn't seem to be wired to anything in the app yet, so selecting it inevitably fails.

dyml|1 year ago

Very soon