-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't unlock FF extension with biometrics anymore if Bitwarden is not unlocked #9333
Comments
Hello there, Will you try uninstalling the application, removing any leftover data, powering off and on your device and re-installing? Does this issue still persist? Guide to the leftover data: https://bitwarden.com/help/data-storage/#on-your-local-machine |
Hi @Krychaz, I've uninstalled both the mac client and firefox extension (and removed the leftover data, as instructed), restarted the machine, reinstalled them, and logged in to both. The problem is still there. With the mac client (from the app store) open - but not unlocked - the extension initially shows the same "Awaiting confirmation from desktop" message as before: But after a few seconds, nothing happens and "Awaiting confirmation from desktop" disappears: It works if I unlock the mac client. Before this wasn't needed, only that the client was running in the background. So it seems that some change in the mac client 2024.5.0 (or a change on the extension, not sure if that was updated. I'm using 2024.4.2) broke biometrics unlocking when the mac client isn't unlocked. |
Just to be sure it wasn't just Firefox: I've tested with Brave (Version 1.66.113; Chromium: 125.0.6422.76; arm64) and the same thing happened (extension version: 2024.4.2). Biometrics unlocking only works if the mac client vault is unlocked. With Safari, the "popup" comes up, but it doesn't unlock the extension. Works fine if I unlock the mac client. So it affects Firefox, Brave, and Safari. |
Can confirm this happens to me as well but on Windows 10 22H2 build 19045.4291 with Firefox 126.0 and Brave 1.66.113 With the new Bitwarden desktop app (2024.5.0). The extensions are running version 2024.4.2. I used revouninstaller to fully remove the previous version of the desktop and and installed the new one and it still has the same issue. |
Same here |
Seems this is now the expected "interim" behavior. BW employee responded in this reddit thread: https://old.reddit.com/r/Bitwarden/comments/1cyw9sp/extension_202450_always_requires_desktop_app_to/ |
If only there was a place to warn users about these changes... I don't know, the changelog for example. I guess that's reserved to more important stuff, like the very descriptive "- Bug fixes". We shouldn't have to learn about this via some random post on social media. |
If browser extension is older than desktop client then user gets no message, just a silent failure. |
Same here From the discussion at reddit above, what is the recommendation (if still wanting to use biometrics)? Is not locking the desktop app considered "secure enough"?
Please include an error message next time. |
@mwisnicki is correct. The message is there on extension v2024.5.0 and 2024.5.1, but it still only says that the app needs to be "started". Well, the app is open... but it doesn't work as it also needs to be unlocked. The problem is that the Firefox extension is still on 2024.4.2 and even the Chromium extension didn't update right away. Knowing that it takes time for extension updates to be approved - especially on Firefox - I still think these changes need to be better communicated. I rely on the changelog to learn about changes. Since on macOS biometrics only works with the version from the App Store and I've updated, I can't go back. I'm stuck with this update, which was supposed to only have "bug fixes". Now I need to change the way I unlock the browser extension or keep the vault unlocked all the time. |
I'm also wishing this behavior hadn't changed. I'll also add, since I don't think anyone has mentioned it, that even though I have the BW client set to allow unlocking with Touch ID, it doesn't give me that option. So if I want to use the BW browser extension to fill a password when the client is locked, I have to go through these steps:
These may be two unrelated issues, but it's annoying to have to type my password in the client so I can use Touch ID to unlock the extension. |
Hey @robwhess, I think it's a good idea to start a separate issue for this. But, why is TouchID (I guess Biometrics in general?) not an option for you? My workflow is:
Maybe it's a bug or misconfiguration in your app? One thing to remember: You need to basically keep the Client App running and set it so that it only minimizes when closing and just "locks" itself for using biometrics, since it's recommended not to use it on first start of the app (for me that's right after starting my device), although there is an advanced option to even allow that. Then, when opening the App, it should give you the option for Biometrics. Might depend on version and OS of course. |
Thanks for the input @pascal-ws. When I said Touch ID was not an option, what I meant was that the BW client doesn't give me the option to use Touch ID to unlock it, only password. This is despite having the "Unlock with Touch ID" setting turned on. I do also always have the BW client app running. It correctly always shows in the Mac menu bar. The issue is that when it locks itself, I can't use Touch ID to unlock it for some reason. Interestingly when the BW client app first starts (e.g. when I restart my machine), I can use Touch ID to log in (I also have the "Ask for Touch Id on app start" option enabled), but that's the only time I can use Touch ID with the client app. |
Thanks @gdurys. I hadn't seen that. |
Issue occurs on Arc as well, do hope for a solution. |
Can repro with Edge on Windows |
The issue is still present in 2024.06 |
So, I've been having the same behaviour too both on the latest and previous releases of Bitwarden. However, I've noticed that if I use Touch ID when the "popup" comes up it doesn't work, but if I instead enter my computer password in that "popup" (not the Bitwarden master password in the extension itself, which also works, obviously) - then it works to unlock the browser extension. Odd... you'd expect biometrics and computer password to offer the same authorisation behaviour. |
Actually, just tried this again... what's actually happening is that regardless of whether I use Touch ID or I use the computer password, it will unlock the extension but only if I click away from the extension and then click for a second time. Very weird. Also it then locks again after a short while... but doesn't show the lock icon. |
I opened a ticket with support and they responded the same way - this is the expected temp behaviour. Sadly, the docs are not updated to reflect that and I agree that this change should have been announced somehow. They also said that they are trying to come-up with a better approach that will maintain security while providing the convenience of the old behaviour. |
I get the same behaviour in 2024.6.2. It appears to not unlock with biometrics, but if I tap away and then tap the extension again then it's unlocked... |
any update ? |
Would love this behaviour changed to how it was before! |
This change makes "unlock with biometrics" in browser pointless.
In case 1, why do I need to unlock twice with the same biometrics? |
Yeah, This issue has been an unnecessary pain for a while now. I hope they check and release it soon. |
Hello, This has been addressed with #9945 and this has been merged to |
Seems to be working now and it's even mentioned on the changelog. Much better. Thank you to everyone involved. |
🎉Thanks for all the hardwork, it was a really annoying problem. |
Steps To Reproduce
Expected Result
Until the Bitwarden client (installed via the app store) was updated to "2024.5.0", I could have the client running in the background locked, and when I used the browser extension, the "popup" window to use my fingerprint would come up and using it, the Bitwarden Firefox extension would unlock.
Not requiring the client to be unlocked was good, as there's no need for content to be available if we're just using the client to process browser extensions requests to unlock via biometrics.
Actual Result
Since the update to the 2024.5.0 client, the option "unlock with biometrics" on the Firefox extension stopped working if the Bitwarden client itself isn't unlocked.
The extension doesn't show an error or tells users what to do. The "popup" saying that Bitwarden is trying to unlock my vault never comes up and passing my finger over the reader doesn't do anything. The extension is never unlocked.
Screenshots or Videos
No response
Additional Context
No response
Operating System
macOS
Operating System Version
macOS 14.5
Web Browser
Firefox
Browser Version
Latest stable/beta/ESR
Build Version
FF extension: 2024.4.2; macOS client: 2024.5.0 (app store)
Issue Tracking Info
The text was updated successfully, but these errors were encountered: