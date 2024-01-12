Bitwarden Unveils Revolutionary Passkey Login Beta for Enhanced Security

Bitwarden, the renowned password management service, has launched a passkey login beta for all its users, providing an unprecedented level of access and security to its vaults. This groundbreaking feature, available to both premium and free-tier users, leverages passkeys—a trailblazing passwordless technology overseen by the FIDO Alliance—to allow vault access without necessitating a master password.

Enhanced Security with Passkeys

Passkeys offer a formidable upgrade in security compared to traditional passwords. They are both phishing-resistant and user-friendly, as they eliminate the need for users to remember or store sensitive information. The crux of their security lies in the private cryptographic key that makes up the passkey—an undisclosed piece of information that significantly strengthens security measures.

Bitwarden’s FIDO PRF WebAuthn Extension

To maintain end-to-end encryption for the user’s vault, Bitwarden harnesses the power of FIDO’s PRF WebAuthn extension. This extension, still under development, ensures the unwavering security of user data. Remarkably, the introduction of passkeys eliminates the requirement for users to input a master password, username, or 2FA. Instead, it utilises device-based authentication methods such as fingerprint, face recognition, or PIN, along with FIDO2-compliant security keys.

Consistent Encryption and Multiple Passkeys

The PRF WebAuthn extension enables the creation of a consistent encryption key from the passkey for each specific site. This ensures that the encryption key needed for vault access remains constant, bolstering the security framework. Users are given the flexibility to create up to five passkeys for their vault, each of which can be individually named for easy reference.

At present, the passkey feature is available exclusively for the Bitwarden web app on Chromium browsers. However, plans are underway to extend this feature to other Bitwarden clients, including mobile apps, amplifying its reach and utility.