You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When you install the browser extension the Passkeys Web Authentication feature is disabled by default. This feature should be enabled by default.
Examples
The "Passkeys" related settings when installing the KeyPassXC extension in the browser:
Here the setting should be enabled by default.
Context
I have an existing database with (only) passkeys and wanted to use them on a new OS and browser. So I installed the KeyPassXC extension in my browser (Firefox and because it didn't work, Edge as well...). I successfully "connected" the KeyPassXC extension with the actual KeyPassXC application/database, as seen in the screenshot here:
When I browse a website with passkey login support I even see an icon in the login username field and an auto fill feature popup from KeyPassXC to enter my username from my database. This let me believe that everything is successfully connected and working between my browser and KeyPassXC application (and open database).
However, when I press the "Login via Passkey" button to try to login via passkeys, I always get a default "Windows security" dialog asking me to insert my USB security token stick.
This is not the dialog I'm expecting, I don't even have such an USB security token stick. So I checked online for several issues of the same kind from other users and do checks like "Is my browser version up-to-date?", "Is keypassxc-proxy.exe running?", "Is the setting security.webauth.credential_management enabled/disabled?" or "is the KeyPassXC application running?". But "nothing works", even though everything is working (it looks like that).
Finally, at some point I checked the settings of the browser extension and notice that the feature for using passkeys is disabled by default. Additionally, the feature "Enable passkeys fallback" is enabled by default, which IMO doesn't make sense when the "Enable passkeys" setting itself is disabled. So, after enabling the "Enable passkeys" setting, everything works as it should. I get a confirm dialog from KeyPassXC to login via my stored passkey.
That's why the setting "Enable passkeys" should be enabled by default.
The text was updated successfully, but these errors were encountered:
This feature is something I'd like not be enabled by default because it injects a script to every web page. That's something users might not be expecting. We could add a info message to the popup though.
The fallback option checkbox should be disabled if the passkeys option is not checked.
@varjolintu i think we should ask in the popup if the user wants to enable passkeys the first X times it is shown. Or something like that.
Maybe we should make separate page in the extension that is launched after the first install? It could give directly options for the user for enabling both Passkeys and HTTP Auth support, plus links to relevant guides etc.
Summary
When you install the browser extension the Passkeys Web Authentication feature is disabled by default. This feature should be enabled by default.
Examples
The "Passkeys" related settings when installing the KeyPassXC extension in the browser:
Here the setting should be enabled by default.
Context
I have an existing database with (only) passkeys and wanted to use them on a new OS and browser. So I installed the KeyPassXC extension in my browser (Firefox and because it didn't work, Edge as well...). I successfully "connected" the KeyPassXC extension with the actual KeyPassXC application/database, as seen in the screenshot here:
When I browse a website with passkey login support I even see an icon in the login username field and an auto fill feature popup from KeyPassXC to enter my username from my database. This let me believe that everything is successfully connected and working between my browser and KeyPassXC application (and open database).
However, when I press the "Login via Passkey" button to try to login via passkeys, I always get a default "Windows security" dialog asking me to insert my USB security token stick.
This is not the dialog I'm expecting, I don't even have such an USB security token stick. So I checked online for several issues of the same kind from other users and do checks like "Is my browser version up-to-date?", "Is keypassxc-proxy.exe running?", "Is the setting
security.webauth.credential_management
enabled/disabled?" or "is the KeyPassXC application running?". But "nothing works", even though everything is working (it looks like that).Finally, at some point I checked the settings of the browser extension and notice that the feature for using passkeys is disabled by default. Additionally, the feature "Enable passkeys fallback" is enabled by default, which IMO doesn't make sense when the "Enable passkeys" setting itself is disabled. So, after enabling the "Enable passkeys" setting, everything works as it should. I get a confirm dialog from KeyPassXC to login via my stored passkey.
That's why the setting "Enable passkeys" should be enabled by default.
The text was updated successfully, but these errors were encountered: