Beta: Windows Native Passkeys

[abergs]

🎟️ Tracking

PM-8354

📔 Objective

This PR introduces beta builds of the Bitwarden Windows native passkeys provider.

This feature allows users to securely register and access their Bitwarden passkeys on Windows 11. With a native flow, passkeys stored inside Bitwarden will be available in browsers and native apps, enabling a better UX and broader support for apps.

While reviews and in-flight work happens in other branches, this PR will be used for producing build artifacts that can run on Windows 11 GA machines without development certificates etc.

Beta advisory: Betas do not feature production level quality or testing. We advise you to use a separate and dedicated Bitwarden account for testing when running beta builds to make sure you do not suffer any data-loss.

Latest builds

Downloading a beta build from the below links require a Github account.

• Windows 11 x64
• Windows 11 arm64

Please note that you must be on Windows OS build 26200.7019 or later.

📸 Screenshots

⏰ Reminders before review

• We do not encourage reviews on this branch since we are likely to force push to it.

[github-actions]

Checkmarx One – Scan Summary & Details – 0f7327c2-327b-4eed-b5db-c7931458175f

New Issues (3)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2025-10890	Npm-electron-36.9.3	details Recommended version: 39.2.0 Description: Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted H... Attack Vector: NETWORK Attack Complexity: LOW ID: EwXq2NSBdnZf0zJG4nW6co44lXsjv0YW8PjWdgyg6O8%3D Vulnerable Package
	CVE-2025-62595	Npm-koa-2.16.1	details Recommended version: 2.16.3 Description: Koa is expressive middleware for Node.js using ES2017 async functions. A bypass to CVE-2025-8129 was discovered in the "Koa.js" framework, affectin... Attack Vector: NETWORK Attack Complexity: LOW ID: SkTMMVymvHRUzUNm8%2FUfThtoGYaFBC0aFJmyP5z73zs%3D Vulnerable Package
	CVE-2025-8129	Npm-koa-2.16.1	details Recommended version: 2.16.3 Description: A vulnerability, which was classified as problematic, was found in KoaJS Koa versions through 2.16.1 and versions 3.0.0-alpha0 through 3.0.0. Affec... Attack Vector: NETWORK Attack Complexity: LOW ID: WsTBuZTRJ%2BMq8cvd4%2F8ltfRrvBKsu%2B5x35Nk8wWTY78%3D Vulnerable Package

[MrCaspan]

Guys the links to the builds for x64 and AMD are both 404s

[ron442]

Guys the links to the builds for x64 and AMD are both 404s

Do you mean the links for the x64 and ARM builds? The ones in the first post of this thread?

Just checked and they work.

[MrCaspan]

Guys the links to the builds for x64 and AMD are both 404s

Do you mean the links for the x64 and ARM builds? The ones in the first post of this thread?

Just checked and they work.

Yes they are working now.. they were throwing a 404. when I posted, all good thanks

[abergs]

They require you to be signed in to GitHub.

[MrCaspan]

They require you to be signed in to GitHub.

Yes that is what it was.. weird that it gives a 404 and not just a "please log in"

[ChihweiLHBird]

Any estimation when this can be merged into main? It has been a valuable feature to me, and I would love to see it in a released version.

[okikidavid18-a11y]

Assistant

[ayanmw]

Hope this works, but it's still draft.

[RandyAllenEEE]

Is this featuring still in the roadmap? Looking forward for the merge.

[pamperer562580892423]

@RandyAllenEEE:

Is this featuring still in the roadmap? Looking forward for the merge.

Why not look in the roadmap, if it is still in the roadmap?

[RandyAllenEEE]

@RandyAllenEEE:

Is this featuring still in the roadmap? Looking forward for the merge.

Why not look in the roadmap, if it is still in the roadmap?

Thanks! I wasnt aware that there is a roadmap page for the project.

[cpatrick008]

Can this beta be updated it's from October 2025, or can it be available in the release version?

[abergs]

@cpatrick008 I appreciate that you want to see this go live, we do too! We're currently working on unblocking this (there are blocking dependencies that we are working on) and once that is done we hope to resume work and bring it to production.

[cpatrick008]

Between that and wanting a version with ths feature on a version that is more secure with updates.

…

On Mar 2, 2026 at 05:47 -0600, Anders Åberg ***@***.***>, wrote: abergs left a comment (bitwarden/clients#17316) @cpatrick008 I appreciate that you want to see this go live, we do too! We're currently working on unblocking this and once that is done we hope to brin DuckDuckGo removed one tracker. More Report Spam abergs left a comment (bitwarden/clients#17316) @cpatrick008 I appreciate that you want to see this go live, we do too! We're currently working on unblocking this and once that is done we hope to bring it to production. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: ***@***.***>