cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
era
New member
Status: In development

Firefox supports WebAuthn, but as far as I could tell only with hardware tokens. I could not find a word about Firefoxs support of Passkeys (like Apple announced recently) anywhere

Personally I don't know why passkeys werent adopted much sooner, it seems such a long hanging fruit to just store the key in the FF password manager.

I use FF to support a web where there is not only one option, like Chrome, but FF keeps falling behind and behind instead of being at the forefront. This should be a top priority.

147 Comments
heksesang
Strollin' around

@eraFirefox is a browser and not a password manager.

era
New member

@heksesangIf I get a system popup in FF that asks me where to store the passkey (iCloud or any 3rd party PW manager), there is zero reasons FF can not do the same.

Your argument is the same as "you are holding your phone wrong"...

Eatham
New member

@era @heksesang 

 It would be nice to always use the system implementation when available but (last time I checked, could've changed) the windows implementation did not support using another device. Mozilla should have instead implemented a temporary solution like chrome did that lets you use both off-device and on device passkeys.

As for storing passkeys in the browser, that is a terrible idea. This would lead to browser lock and never being able to switch browser, syncing passkeys defeats the point of them as the device is no longer a second factor, and most importantly browser passwords are stored in a file that can be copied to another computer if the device is compromised.

heksesang
Strollin' around

@EathamI think the latest release of Windows 11 supports passkeys on other devices now, but I am still on beta channel so cannot say for sure if it has gone live for the general public yet.

But yeah, a dialog for older Windows releases and Linux would be nice (I cannot use passkeys from my phone on Linux in Firefox now).

@eraThey can add their own dialog (like how Chrome has done), I think they have mentioned adding that, but I am not sure if they have confirmed supporting storage and syncing of passkeys in Firefox directly (it's more work if they need to implement passkey storage and sync). Chrome does this by using Google Password Manager as the storage backend, but I don't think Mozilla has something like that (they had Lockwise, but discontinued it).

Hyourinmaru
Making moves

I have to say that I would never store a passkey in Firefox and that this task should still be done by an operating system's credential center - DPAPI in Windows, Gnome Keyring or KWallet in Linux and Keychain in macOS and iOS - or corresponding password managers such as Bitwarden or 1Password.

Yes, Firefox has an integrated password manager, but this is more of a quality of life feature than a real password manager, since Firefox is still primarily an Internet browser. In addition, on the one hand, the main password for this is not stored in the credential center of the operating system, which would therefore be better protected, but on the other hand, a main password is not even absolutely necessary for the Firefox internal password manager in order to protect the passwords themselves. A security risk in my opinion.

Firefox should only allow passkey generation and storage through the operating system's credential center where it triggers it. What would also work is that you can recognize the Firefox instances via the logged in Firefox account and use them to gain access to security keys in, for example, Android smartphones and thus also be able to use the Passkeys that are stored on such smartphones, as in Google Chrome is possible with the Google account.

(Sorry for my bad english. ^^")

casperghst42
New member

Why not just let people use the password manager they choose, as it is right now. Then it is only op for Firefox to make sure that the passkey is generated correctly, and store in / retrieved from the choosen password manager.

mickeymond
New member

I am happy to say that this has been implemented in Firefox 122.0 and it works on Windows 11 & MacOS Sonoma.

tammx
New member

Firefox 122 release notes say it supports passkeys, however I can not get it to work. It only shows the "Touch your security key to continue" popup like it has always shown, before passkey support was added. It shows no option to save the key in iCloud keychian.

Release notes for 122 say:


 

Firefox now supports creating and using passkeys stored in the iCloud Keychain on macOS.





Just not possible - is there something that I am missing?

casperghst42
New member

@tammxI would not know, I do not use iCloud Keychain which makes it useless for me.

They need to make it possible to store passkeys in a password vault of ones own choosing (1P, enPass, Bitwarden, etc.).

I don't absolutely need passkeys, they would be nice to have. I'll just wait.

jlaundry
Strollin' around

@tammx if you go to about:config and search for security.webauthn.enable_macos_passkeys, what is the value? (It should be true)

spinningtop
New member

Just created a Passkey on Firefox on MacOS, saved it right to my iCloud keychain.

Woohoo!

Honza
Employee
Employee

Quick update on Passkeys:

Firefox 122 supports the creation and use of passkeys stored in the iCloud Keychain on macOS. All credit goes to the Security team for their work on this development.

More details provided by the Security team:

  • Web Platform support of Passkeys is available on
    Windows, MacOS, Android, iOS, Linux (though there is not platform passkey provider on Linux. We support Passkeys stored on USB security keys on Linux).

  • Sign-in with nearby Device is available on:
    Windows (11) and MacOs (13.4); not Linux, though Chrome does not support nearby on Linux either.

See also Firefox 122 release notes:

https://www.mozilla.org/en-US/firefox/122.0/releasenotes/

If you are experiencing any bugs, please file a report here:
https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=DOM%3A%20Web%20Authentication

wgenuit1
New member

Any update on PRF implementation? I can login to Bitwarden web vault using the passkey on my phone, but it still requires me to enter my password in order to decrypt the vault?

GenteelBear
New member

Sign-in with nearby Device is available on:
Windows (11) and MacOs (13.4); not Linux, though Chrome does not support nearby on Linux either.

Chrome doesn't support it on Linux? Maybe it's something different, but just now I was able to login to my google acount via chrome using passkey saved on my iPhone by scanning QR code.

9Life42
Strollin' around

Excited to see passkey support progressing!

I hope there is a plan to add support for passkeys stored in a password manager (1Password, Bitwarden, Dashlane, etc.) soon too 🤞. I use Firefox on Android and macOS and both could greatly benefit from third party passkey support!