Enable "Passkeys" Web Authentication in browser extensions by default #2377

Open
Progman2002 opened this issue Nov 3, 2024 · 3 comments

@Progman2002

Summary

When you install the browser extension the Passkeys Web Authentication feature is disabled by default. This feature should be enabled by default.

Examples

The "Passkeys" related settings when installing the KeePassXC extension in the browser:

passKeysSettings

Here the setting should be enabled by default.

Context

I have an existing database with (only) passkeys and wanted to use them on a new OS and browser. So I installed the KeePassXC extension in my browser (Firefox and, because it didn't work, Edge as well...). I successfully "connected" the KeePassXC extension with the actual KeePassXC application/database, as seen in the screenshot here:

connected
When I browse a website with passkey login support I even see an icon in the login username field and an auto fill feature popup from KeePassXC to enter my username from my database. This led me to believe that everything is successfully connected and working between my browser and KeePassXC application (and open database).

However, when I press the "Login via Passkey" button to try to log in via passkeys, I always get a default "Windows security" dialog asking me to insert my USB security token stick.

defaultDialog

This is not the dialog I'm expecting; I don't even have such a USB security token stick. So I checked online for several issues of the same kind from other users and did checks like "Is my browser version up-to-date?", "Is keepassxc-proxy.exe running?", "Is the setting security.webauth.credential_management enabled/disabled?" or "Is the KeePassXC application running?". But "nothing works", even though everything is working (it looks like that).

Finally, at some point I checked the settings of the browser extension and noticed that the feature for using passkeys is disabled by default. Additionally, the feature "Enable passkeys fallback" is enabled by default, which IMO doesn't make sense when the "Enable passkeys" setting itself is disabled. So, after enabling the "Enable passkeys" setting, everything works as it should. I get a confirm dialog from KeePassXC to log in via my stored passkey.

That's why the setting "Enable passkeys" should be enabled by default.

droidmonkey transferred this issue from keepassxreboot/keepassxc on Nov 3, 2024
@droidmonkey
Member

@varjolintu I think we should ask in the popup if the user wants to enable passkeys the first X times it is shown. Or something like that.

@varjolintu
Member

This feature is something I'd like not to be enabled by default because it injects a script into every web page. That's something users might not be expecting. We could add an info message to the popup though.

The fallback option checkbox should be disabled if the passkeys option is not checked.
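
Added example, not part of any comment in this thread and not code from KeePassXC-Browser: a simplified model of the behaviour discussed above, where the page's credential API is only wrapped after the user opts in, and the fallback setting has no effect while passkeys are off. The settings keys `passkeys` and `passkeysFallback`, all function names, and the `askPasswordManager` callback are assumptions.

```javascript
// Added illustration: a simplified model, not KeePassXC-Browser's own code.
// Settings keys and function names are hypothetical.

// Resolve stored settings. Passkeys default to off and fallback to on, as the
// issue reports; fallback is only meaningful when passkeys are enabled.
function effectiveSettings(stored = {}) {
    const passkeys = stored.passkeys === true;
    return {
        passkeys,
        passkeysFallback: passkeys && stored.passkeysFallback !== false,
        fallbackCheckboxDisabled: !passkeys,
    };
}

// Wrap a CredentialsContainer-like object's get(). `askPasswordManager` is a
// hypothetical async callback that resolves to a credential or null.
// Returns true if the page's API was modified, false if it was left untouched.
function installPasskeyHook(credentials, stored, askPasswordManager) {
    const settings = effectiveSettings(stored);
    if (!settings.passkeys) {
        return false; // opt-in not given: nothing is injected into the page
    }
    const nativeGet = credentials.get.bind(credentials);
    credentials.get = async (options) => {
        if (!options || !options.publicKey) {
            return nativeGet(options); // not a WebAuthn request
        }
        const credential = await askPasswordManager(options.publicKey);
        if (credential) {
            return credential;
        }
        if (settings.passkeysFallback) {
            return nativeGet(options); // hand over to the browser/OS prompt
        }
        const err = new Error('No passkey available and fallback is disabled');
        err.name = 'NotAllowedError';
        throw err;
    };
    return true;
}

// Constructed stand-in for navigator.credentials; 'native-prompt' represents
// the browser/OS security-key dialog described in the issue.
function makeNativeCredentials() {
    return { get: async () => 'native-prompt' };
}
```

With the default settings the hook is never installed, so a passkey login goes straight to the native prompt, which matches what the reporter saw before enabling the option.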

@varjolintu
Member

> @varjolintu I think we should ask in the popup if the user wants to enable passkeys the first X times it is shown. Or something like that.

Maybe we should make a separate page in the extension that is launched after the first install? It could directly give the user options for enabling both Passkeys and HTTP Auth support, plus links to relevant guides etc.
