You understand that Bitwarden’s pricing structure will change? I only read that there will be a passwordless.dev pricing structure that includes a free tier. I would hope that Bitwarden Premium would just adopt this feature and the price would remain the same. They can’t really increase it easily given that Apple and Google are offering this solution for free and it will be integrated and work seamlessly across devices. Will be curious to see how Bitwarden then differentiates themselves.
I also liked the video. This will do away with passwords and 2FA for sites. I am curious why the standard needs username/email addresses, though. I thought that could also just be stored with the public key on their service you are signing on to in a way that can be matched when your private key authenticates.
Also curious if Bitwarden will introduce the option of having the second public key that is locked to your device for critical sites you want to protect such as banking, email, and… your password manager. Google has this.
Still don’t understand how backups will work. I read up on it for Google and also get the iCloud model for Apple via keychain. But, how will Bitwarden allow you to back up your private keys? Will we be able to export them and store them encrypted locally? We have to be able to own our own keys in this new world. Not your keys, not your…
They are explicitly referring to passwordless.dev pricing which they go into a little more in their FAQ. I think this is separate.
If passkeys are going to be ubiquitous, you won’t be able to get away with locking the feature away in a paid tier for long while Apple, Google, and Microsoft drive adoption. You’re going to need to be pulling in new users fast at the outset to stand a chance.
The latest release 2023.1.0 has support for passkey import via .json which would assume that once the support for storing Passkeys in your Bitwarden Vault that this could also be exported similarly.
Though as I understand it’s a big directive currently, and FIDO2 typically does not allow for simply export of private keys. So standards are currently being decided and Bitwarden is closely watching (as well as being a member of FIDO Alliance) any standards in the space.
You can see how Google and Apple could own the marketplace pretty quickly. I tried to set up a passkey last night on eBay and the only option it recognized and permitted was using iCloud Keychain. And as smaller sites on ramp to passkeys, many will take advantage of the Google and Apple integration to sign in via their sites, instead.
I suspect the passkey adoption curve will be fairly flat at first but then a tipping point will occur and it will dramatically spike and become ubiquitous overnight. The hope is that Google, Apple and Microsoft haven’t gobbled up the market by then.