I’m a paid user of Bitwarden and I genuinely like the service. I’m transitioning to passkeys and I have a fundamental question about how Bitwarden stores passkeys. I’ll bet I’m not the first to ask about this, so if there’s a link or links to a previous explanation, that works for me.
With a device-specific passkey, the passkey is stored in the device’s secured hardware and never leaves the device. This is a big part of what makes a passkey so secure.
But if I’m syncing my passkeys with Bitwarden, won’t they leave the secured hardware of my device? How else could Bitwarden get ahold of my passkeys in order to sync them?
And if Bitwarden is able to access my passkeys, couldn’t an attacker do this too?
There are two different types of passkeys, device-bound which utilizes hardware, and syncable which can be used on multiple devices. Yubikey implements the former; Bitwarden implements the later.
Why two types? Not everyone has the same priorities in their risk analysis. For example, you may want device-bound for increased theft-resistance, and I may want syncable for increased fault-tolerance (e.g. I can back it up).
Passkeys are not about just about the local storage. They also use asymmetric encryption to ensure that an adversary in the middle can not steal or even proxy one’s credential, and it is computationally infeasible (with current tech ) to brute-force them.
Yes — use only device-bound passkeys like those stored on a YubiKey or in Windows Hello (the non-syncable kinds) to make sure the secrets never leave the hardware. Syncable passkeys are not only synced, they can also be exported and imported.
Hm. Yes – but, historically, what we now call “device-bound passkeys” were there years before the name “passkey” along. The new thing with passkeys indeed was that they now also became syncable. (= syncable or software-bound passkeys)
There may be a confusion here… Bitwarden won’t take your hardware-bound passkeys and just syncs them now also. When you store passkeys in Bitwarden, they never were/are stored on hardware, but “live” just in software – in Bitwarden. (though, I think, there are some efforts to make Bitwarden also able to use existing device-bound passkeys)
As it is now, Bitwarden is only able to access passkeys that you store in your Bitwarden vault. And then, probably the same security mechanisms to protect your vault are necessary as before. (or maybe more)
Thanks for everyone’s replies, which I really appreciate.
Maybe I need to review my original research on passkeys. As I understand it, one of the critical advantages of a passkey - I may be thinking of a device-bound passkey here - is that the passkey never leaves the device. Thus, it cannot be intercepted in transition across the internet, and it cannot be exposed in a data breach.
Furthermore, if I understand correctly, inside the device the passkey is stored in specially secured hardware that is not accessible to software, and encryption/decryption of keys is only performed inside that hardware.
All this is what makes a passkey so superior to passwords. I can’t imagine giving up those advantages by letting software - Bitwarden or anything else - have access to my passkeys, unless I’m not understanding something correctly. Perhaps I need to learn more about how a synched passkey operates. An earlier observation that “not everyone has the same priorities in their risk analysis” gives me the chills. My priority is the best protection possible.
At the moment, device-bound passkeys on each of my devices seems to be the safest idea.
I realize that I’ve gone far afield from Bitwarden here, so if you think it’s time for me to go back to the drawing board regarding passkeys, I accept that.
I don’t think you’ve gone that far off the trodden path. Some Bitwarden users don’t store TOTP secrets in their vaults, and by the same logic, don’t store passkeys there either. For people who prioritize security and have/can afford multiple devices to store passkeys, hardware ownership/“exclusive”-control is a very practical solution.
Also remember that not all authenticators are created equal. For device-bound passkeys, security keys are the gold standard (though implementations vary). Windows Hello (bound to a secure enclave but able to store many passkeys) likely uses a multi-tier key protection architecture. Password managers are protected differently too—witness Apple Keychain, from which stealing secrets (including passkeys) would likely require elevated access.
The bit you are missing is that the “device” is your vault, not your phone.
A passkey contains a “private key” that indeed never leaves the vault. It also contains a “public key” that never leave the webserver. These two keys interact to create an encrypted conversation to confirm your identity. Because both keys stay put, an adversary-in-the-middle never has access to the secrets required to simulate either side. This AITM protection is equally effective for both device-bound and syncable passkeys.
Where things differ is the protection of the vault itself. With a device-bound vault (such as a Yubikey), the vault/private-key is stored in memory on the Yubikey and an on-board microprocessor does all the encryption math. This means that unless someone gets access to your Yubikey, they can not use your passkeys. It also means that if you lose your Yubiukey, you lose all the passkeys on it. This latter issue is why we tend to recommend two or more Yubikeys and to manually create a passkey for each site on all your Yubikeys.
With a syncable vault (e.g. Bitwarden) the vault/private key is stored in an encrypted file. Because this encrypted file can be copied to other PCs/phones and it can be backed up, there is greater convenience of use and a significantly lessened risk of loss or locking oneself out. This comes at a cost, though. When in use, the vault necessarily needs to be decrypted in Bitwarden’s process memory, so it is at risk of exposure to malware on your PC/phone. It is also much easier for a bad-actor to steal an encrypted file than it is to steal a chunk of metal on the same ring as your house-key.
In the end the most important thing to know is that both syncable and device-bound passkeys are more secure in all respects than passwords. Choosing between the two types of passkeys is a much less important decision that mostly depends on one’s individual risk analysis, finding their comfort level balancing convenience and risk-of-loss vs risk-of-disclosure.
Here is a MS document that goes into a bit of detail on how it protects private-keys. If your device has a TPM, Hello can do true device-bound, but MS also seems to be dipping their toes into the syncable world.
Yep, Apple keychain is a syncable password manager, storing a backup on iCloud, and able to keep copies on multiple devices. In this respect, it is much more like Bitwarden. But, being the OS provider, Apple has a better ability to defend the keychain against on-device malware when using iOS/iPadOS/MacOS .
I don’t think I’ve ever seen a document that addresses this question: if a YubiKey can store “only” 100 passkeys because of hardware memory limits, how does Windows Hello store even more with a TPM? Using multi-tier key protection — some keys stored in the TPM and others stored outside but protected by the TPM-held keys — seems possible, though it’s just one possible solution.
Totally a guess, but to be portable between pcs/phones, the Yubikey likely needs to store all the metadata on the yubikey, whereas Hello could store the metadata on the hard drive and only the private key itself in the TPM.
That said, I can purchase a name-brand 32gb flash drive for like $10 nowadays, so I really don’t understand why a Yubikey would needs tight memory constraints.
) to brute-force them.