I’d love to see Bitwarden implement a feature similar to what 1Password announced two days ago: the ability to completely ditch the master password in favor of using passkeys. (Technically speaking, all FIDO2-capable USB keys and smart cards should be able to comply with that, but more on that later.)
Technical details:
It’s actually very simple, straightforward and fast to implement. The current account encryption key will be encrypted with the public key of the passkey. This process must be repeated if you want to add some backup YubiKeys, for example. After authentication, the encrypted payload (aka the account encryption key) will be decrypted by the private key of the respective passkey.
Please note that this feature should be optional.
If you have any questions or comments, feel free to ask. I’m open to other opinions and thoughts.
Have a great day!
(Message to the mods: This feature request is NOT the same as the “unlock database with YubiKey…” request, so please don’t merge them.)
Bitwarden recently acquired passwordless.dev so they appear committed to this area. I hope passwordless sign in is introduced by Bitwarden this year as they have passkey support on their development map. I have added a vote to the other feature request as they appear very similar.
What would the future of a Bitwarden vault look like if mankind transitions to these passkeys/passwordless systems? Would each site’s key still be able to be saved in each vault item?
It’s actually very simple, straightforward and fast to implement. The current account encryption key will be encrypted with the public key of the passkey. This process must be repeated if you want to add some backup YubiKeys, for example. After authentication, the encrypted payload (aka the account encryption key) will be decrypted by the private key of the respective passkey.
As @DoctorB suggested, the passkey (FIDO2/WebAuthn) API doesn’t really allow this. It allows for signing challenges, but you can’t encrypt/decrypt data directly. So while it could be used in the pre-auth, to replace the master-password hash being sent over the network, you would still have to enter your password to decrypt the encrypted vault.
There are some other extensions, some of which are not developed / merged yet, which would make something similar to this possible. For example: https://github.com/w3c/webauthn/pull/1424
Did 1P support say which protocol they are using?
WebAuthn is not a general purpose encryption API.
I couldn’t be sure but I was expecting you to say your design was to use the hmac_secret extension in the CTAP2 protocol which does allow for a symmetric secret to be scoped to a credential, and seems to be supported in the latest versions of the main browsers.
Just a question as to why you would think the other request should be closed, or this one not merged into the other.
As I understand it, standards are in the works but still nothing solid as of yet. Bitwarden, being a member of the FIDO Alliance, is highly committed to working with industry partners and closely watching any upcoming changes and standardizations that may come to passkeys.
Would you be so kind as to point out what in the previous posting has been implemented, or what is outdated compared to this post?
Maybe I’m getting something wrong, but I think the other thread wants to use Apple’s passkey for 2FA. And AFAIK, it doesn’t make a difference from BW’s side to implement it because it’s already included in the WebAuthn standard.
I like the idea. However, as you say it should be optional, therefore I think the title is a bit too strong (“Ditch the master password”). You might get more acceptance with a more moderately worded title.
Note: I searched before posting this. Couldn’t find anything like that.
Feature request headline: Replacing The Master Password!
As passwordless is moving forward, I would like a feature that will allow me to log in to the Bitwarden vault ONLY via passkeys or a security key, not the master password. It’s more secure. I’m talking about all the apps: the web vault, all the desktop and mobile apps and browser extensions, all of it.
BUT! Not without a backup, of course. I believe there should also be backup ways to log in, there could be many options such as email, recovery codes, fingerprint-phrase. I think you get the idea.
Right now logging in via the master password is risky because people can see me typing my password, and even though I type fast, I can’t be too careful here. I also have to remember the master password, changing it often.
It’s not just inconvenient, but also subjected to attacks or someone capturing my master password somehow. Anyway you get the idea, it’s less secure.
That’s it guys. I hope there are already plans laid out for that. If not, I’d definitely want to use the best password manager on earth this way.
But, as you can see, it is still in “Beta”, which more or less seems to mean, that it is (still) only possible to login via passkey to the web vault / web app.
I guess, @grb will dig into existing feature requests… if no appropriate feature request exists, it may be a feature request to request it for all other Bitwarden apps… though, as it is “Beta”, I guess it will come to all apps eventually… (whenever that may be)
Not clear yet what exactly OP is asking for. On the one hand, they seem to want to disable (or eliminate) the master password, but on the other hand, they wish to introduce back doors for account recovery (something that Bitwarden has deliberately avoided for security reasons). @W01V3N, is this an accurate summary of your proposal?
Personally, I think that introducing back doors for account recovery (e.g., recovery codes or password reset emails) would be much less secure than simply keeping the master password as a fallback option if/when passwordless login fails. If someone can get your master password, why wouldn’t the same attacker also be able to get your recovery code or email password?
This part of your post was also confusing. Why are you changing your master password “often”? That is definitely not recommended.