Bitwarden Has Acquired Passwordless.dev

Bitwarden has acquired Passwordless.dev. Yes, a leading password manager is helping to lead the way to a passwordless world. And Bitwarden will get passkey support in 2023!

https://bitwarden.com/blog/bitwarden-extends-passwordless-leadership-with-acquisition/

Discuss. :grinning:

3 Likes

Good. (for us customers)

I watched the demo video https://www.passwordless.dev/ and it looks good.

Hopefully will remove this reliance on a super strong master password.

I understand BW will announce a new pricing structure in Q2 but free tier will still get passwordless.

1 Like

Announcing a “new pricing structure” seems like another way of saying that a price increase is coming.

You understand that Bitwarden’s pricing structure will change? I only read that there will be a passwordless.dev pricing structure that includes a free tier. I would hope that Bitwarden Premium would just adopt this feature and the price would remain the same. They can’t really increase it easily given that Apple and Google are offering this solution for free and it will be integrated and work seamlessly across devices. Will be curious to see how Bitwarden then differentiates themselves.

I also liked the video. This will do away with passwords and 2FA for sites. I am curious why the standard needs username/email addresses, though. I thought that could also just be stored with the public key on their service you are signing on to in a way that can be matched when your private key authenticates.

Also curious if Bitwarden will introduce the option of having the second public key that is locked to your device for critical sites you want to protect such as banking, email, and… your password manager. Google has this.

Still don’t understand how backups will work. I read up on it for Google and also get the iCloud model for Apple via keychain. But, how will Bitwarden allow you to back up your private keys? Will we be able to export them and store them encrypted locally? We have to be able to own our own keys in this new world. Not your keys, not your…

1 Like

They are explicitly referring to passwordless.dev pricing which they go into a little more in their FAQ. I think this is separate.

If passkeys are going to be ubiquitous, you won’t be able to get away with locking the feature away in a paid tier for long while Apple, Google, and Microsoft drive adoption. You’re going to need to be pulling in new users fast at the outset to stand a chance.

Will Passwordless.dev be integrated into the core password management solution?

…
Bitwarden plans to take advantage of the technology across the portfolio in the future.

 

Any idea what the above statement may refer be referring to?

I just assumed it meant introducing passkey support in Bitwarden. On the .dev site it says this is occurring in 2023.

1 Like

The latest release 2023.1.0 has support for passkey import via .json which would assume that once the support for storing Passkeys in your Bitwarden Vault that this could also be exported similarly.

Though as I understand it’s a big directive currently, and FIDO2 typically does not allow for simply export of private keys. So standards are currently being decided and Bitwarden is closely watching (as well as being a member of FIDO Alliance) any standards in the space.

1 Like

Possibly, but why make the statement so vague (“take advantage of”) if that is all they meant?

1 Like

You can see how Google and Apple could own the marketplace pretty quickly. I tried to set up a passkey last night on eBay and the only option it recognized and permitted was using iCloud Keychain. And as smaller sites on ramp to passkeys, many will take advantage of the Google and Apple integration to sign in via their sites, instead.

I suspect the passkey adoption curve will be fairly flat at first but then a tipping point will occur and it will dramatically spike and become ubiquitous overnight. The hope is that Google, Apple and Microsoft haven’t gobbled up the market by then.

Hopefully they‘ll use their new asset to implement WebAuthn in the desktop apps.

or “Log in with device”, which if I understand it correctly, is similar. Not identical but similar.

1 Like

Yeah, but I would be happy enough if the desktop app would support Webauthn. Now, I need to enable mail 2fa from time to time because the session expired, which is a bit annoying.