Face Unlock via Windows Hello causes NCryptDecrypt Error (0x80098044) #120
Description
This only occurs when using Face Recognition. When I use the PIN, everything works fine. This suggests that the protected key cannot be decrypted when using the camera.
Steps to Reproduce
- Set up Windows Hello with both PIN and Face Recognition
- Install KeePassWinHello and register the database using Windows Hello
- Try unlocking the database using Face Recognition
- Error
0x80098044is shown - Try unlocking using PIN → works without issues
Expected Behavior
It should be possible to unlock the database using Face Recognition, or at least there should be a setting to enforce PIN-only usage.
Environment
- Windows Version: Windows 11 Home 24H2 (Build 26100.3624)
- KeePass Version: 2.58 (64-Bit)
- KeePassWinHello Version: 3.3.1.0
- TPM: likely present (typical for Windows Hello, not explicitly tested)
- Secure Boot: active (assumed, standard on modern Windows 11 devices)
Additional Notes
- Face Unlock works fine for Windows login and other Hello-capable apps.
- Re-enrolling Face ID and resetting Hello did not solve the issue.
- It would be helpful to have a fallback or preference option to force PIN if Face is not supported for decrypting the key.