Can I log into Bitwarden.com on a browser using a computer where there are not any Bitwarden browser extensions installed and the use Passkeys stored in my Bitwarden vault to log into another website on the same browser? I’m asking because I am wondering if using passkeys means I can no longer use a computer that is not mine, and where I am unable to install the extension on the browser. An example of this might be at work or at a public library, and I don’t have my phone or other personal device.
No, it doesn’t mean that. (putting other security considerations aside for the moment)
Indeed, on the machine itself you would need the BW browser extension to handle passkey authentication. (BTW, that is expected for the desktop app as well, whenever it arrives.)
It seems with that restriction to your question it would be “impossible”. If you had your BW mobile app on your phone with you, you could scan the passkey login QR code (i.e. use cross-device authentication, which would need bluetooth on both ends, though). – Another possibility would be to use a separate hardware security key that stores the passkeys.
Like @Nail1684 said, to use passkeys stored in Bitwarden, you need one of these: 1) the browser extension (now), 2) the desktop app (future, currently in beta), or 3) a mobile app that supports passkey cross-device authentication.
I agree with Nail1684 that using passkeys stored on a security key is a good way to maximize security. Even that has some risks: 1) your session tokens can be stolen and reused while they’re active (if you’re not logged out or an attacker takes over your account), and 2) your passkey PIN can be observed and the security key stolen. How much do you trust a publically maintained/used system?
Using a security key with built-in biometrics can help mitigate risk #2.