Bitwarden Adds Passkey Support … But Only to Its Web Vault
- Paul Thurrott
- Jan 11, 2024
-
5
No, this isn’t what I’ve been looking for. But Bitwarden advanced its support for passkeys in a very minor way today: Users of this password manager can now sign in to the web version of the vaults using a passkey, with no need to type a username or password. Except, of course, that they can’t. Because this company can’t get anything right when it comes to passkeys.
“Using a passkey to log into Bitwarden accounts combines the passkey security with the zero knowledge, end-to-end encryption protection that Bitwarden delivers for users’ sensitive information and credentials,” Bitwarden’s Ryan Luibrand explains. “This new innovative passkey technology allows Bitwarden users to authenticate and decrypt their accounts in a single step – all without using their Bitwarden password, 2FA, or even login email address.”
Windows Intelligence In Your Inbox
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
According to Bitrwarden, all you need to do is sign in to the Bitwarden vault website normally, navigate to Account settings > Security, and click “New passkey” under “Log in with a passkey.” Then, you have to type in your master password again, choose where the save the passkey (in Bitwarden or locally in the PC’s TPM security chip, I tried both), and give the passkey a unique name. Then, you can sign in to the Bitwarden vault in the future using the passkey.
Except, again, that you can’t: No matter where I saved the passkey, it then prompted me to enter my master password. Which is exactly what a passkey is supposed to prevent. I got the same results in two browsers, Brave and Edge, both of which Bitwarden says should work fully because Chromium-based browsers support PRF WebAuthn standard this feature requires. But it never worked, and so I had to type a master password, rendering this feature moot.
I was able to get passkey support to work with two external devices, a Yubikey and my Pixel 8 Pro. But authenticating with them requires multiple extra steps that undermine the convenience of passkeys. This should work right on the PC.
And maybe it will, someday. Bitwarden says that this functionality will come to other Bitwarden clients in future releases, by which I assume they mean the PC and mobile apps and the various web browser extensions. Hopefully, it works better when that happens, because this experience was incredibly disappointing.