bitwarden
Repeatedly Unexpected Error Occurred on Windows Hello Login
Steps To Reproduce
I'm using both (v2025.5.1 portable executable and latest 2025.6.0 dev) Let's call the 2025.5.1 - Client A and the 2025.6.0 build - Client B
Setup
Both clients should have the following settings under Security:
- Unlock with Windows Hello checked
- Ask for Windows Hello on app start checked
(Probably not needed but I've modified these during testing as well)
- Vault timeout 1min
- Vault timeout action Lock
Repro Steps
- Go to Client A, login with master password, lock the vault.
- Go to Client B, login with master password, lock the vault.
- Back in Client A, logout and login again with master password.
- Moving back to Client B now left with Windows Hello login state, it would now repeatedly error out due to the decryption not matching the access tokens anymore.
- You could do this vice versa as well as long as the opposite client was left to Unlock with Windows Hello and you re-login on another client.
Expected Result
I believe this should be a case where it should just automatically log out on systems which have outdated/invalid tokens due to the newer logins in the other clients invalidating the tokens.
Actual Result
Shows unexpected error repeatedly on the client that was left w/ the Windows Hello login even when restarting the client. The only way to stop it is to manually log out and reinput the credentials but that appears to not be clearly communicated to the end user.
Screenshots or Videos
No response
Additional Context
I've been working on a fix already so I'll just be sending in a PR for it.
I believe the fix should also help with other authentication issues encountered by other users (which were marked closed but this specific issue is still observable in the latest 2025.6.0 dev build so the PR should be a supplementary fix):
https://github.com/bitwarden/clients/issues/15054 https://github.com/bitwarden/clients/issues/15022
Operating System
Windows
Operating System Version
10
Installation method
Other, Direct Download (from bitwarden.com)
Build Version
2025.5.1 & 2025.6.0
Issue Tracking Info
- [x] I understand that work is tracked outside of GitHub. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
Thank you for reporting this issue! We've added this to our internal tracking system. ID: PM-22468
Hello @zenocross,
Thank you for this report.
- How are you using Windows Hello? Is it via a Fingerprint or using Facial Recognition?
- Do you have
Unlock with PINactivated in either desktop client? - Are you able to reproduce this with a stable release (2025.5.1) of the desktop client?
Thank you in advance,
Hi @SergeantConfused,
- I'm using the PIN input method for Windows Hello. Facial Recognition and Fingerprints are not supported on my machine.
- Unlock with PIN is unchecked in both client settings.
- Yes, this was reproduced in 2025.5.1
Hello @zenocross,
Thank you. I have flagged this to the Engineering department for review; please feel free to post additional information, such as screenshots or a screen video recordings, if you wish.
Thank you again,
Hi @SergeantConfused,
I did have a PR for this (https://github.com/bitwarden/clients/pull/15111) which I submitted when i haven't signed the CLA yet. In the PR thread, it now says "All committers have signed the CLA." followed by "Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution."
Would that be an impediment to accepting the PR or is that fine?