Bitwarden, the open-source password manager, has introduced a new security feature allowing users to log into their web vaults using passkeys instead of traditional username and password pairs. Passkeys are considered a more secure alternative and are resistant to phishing attempts. Bitwarden’s implementation of passkeys is currently in beta and utilizes the PRF WebAuthn extension for authentication and encryption key generation. Users can now decrypt their vaults without the need for a master password, email address, or two-factor authentication (2FA), providing a secure and convenient method for accessing sensitive information.
The passkey feature relies on the PRF WebAuthn extension, an emerging standard that lets a web application obtain a symmetric secret from an authenticator, such as a security key. The extension allows Bitwarden to derive a unique, fixed value from a passkey, enhancing security without sacrificing user convenience; because that value is stable for a given passkey and input, it can serve as the source of an encryption key for encrypting and decrypting data within the vault. Bitwarden has provided a demonstration video showing how users can set up passkeys from the account settings menu during the beta phase, with a maximum of five passkeys for the web app.
During the beta phase, Bitwarden users of all plans can set up a maximum of five passkeys for the web app. The feature is currently available in Chromium-based browsers that support the PRF WebAuthn extension, with plans to extend it to more clients in the future. Passkeys offer an additional layer of security by deriving encryption keys from the input data supplied to the PRF, so that the same passkey reliably encrypts and decrypts data for a specific online platform or service. Bitwarden aims to combine the security benefits of passkeys with its zero-knowledge, end-to-end encryption protection for users' sensitive information and credentials.