Passwordless Password Manager Problems (Premium)

The problem with security products and technologies is that they're often too difficult to use, causing people to give up on them. This is why I'm so excited about passkeys, a new passwordless authentication technology for online accounts that is both secure and convenient, and is thus already being adopted by online services and their users at a rate not achieved by more complex security solutions like security keys and authenticator apps. And it's why I'm so unhappy with password managers, which in my experience are too difficult to use, especially in their default configurations.

This is going to change. All the leading standalone password managers have announced that they will allow their users to securely unlock their vaults using locally stored passkeys instead of forcing them to remember and type a master password. In doing so, password managers will become passwordless, and this configuration is in many ways the holy grail of security in that it is---or will be---both secure and convenient.

In the meantime, we have to deal with the password managers we have today. And while the two top-rated password managers---Bitwarden and 1Password---do provide passwordless experiences on smartphones thanks to their integration with the integrated biometric- and PIN-based sign-in methods on those devices, the experience in Windows is less ideal. Bitwarden lets you unlock its password manager using Windows Hello PIN or facial or fingerprint recognition, but the experience is so complicated and unreliable that I literally spent weeks trying to make it work consistently across multiple PCs. And 1Passkey released a public beta version of its password manager in mid-December that only supports passkeys (meaning there's no password or secret key), introducing its own complexities. Key among that it's incredibly unreliable, doesn't work like other passkeys, and requires you to create a new account. (That latter issue will be resolved by the time this feature exits beta.)

Neither product is both secure and convenient, no standalone password manager is (in Windows). But when Bitwarden works, it is what I think of as convenient enough. The good news is that once it works, it works well, and this configuration doesn't require any security compromises. Which I will get to below.
What led me down this path
First, though, I'd like to discuss how I got here.

This has been a long and frustrating journey because security is difficult. Difficult to configure correctly. Difficult to replicate that configuration across multiple devices. Difficult to explain to others. And it's in a state of flux. The industry has taken multiple steps over the years to achieve a passwordless future in which easily guessed and frequently reused passwords are no longer necessary. And with passkeys, we're finally get there thanks to its perfect blend of security and convenience.

This is great. But security is like any other kind of technology in that the introduction of so...