🔑 Log in with Passkeys beta

Hey everyone, let us know if you’ve had a chance to try out signing into your Bitwarden account with a passkey!

You can also store the passkey on a hardware key protected by a pin that wipes data after X number of failed attempts.

Passkeys only work on the originating website, so it’s a great way to avoid falling prey to a phishing site.

More information in the Help Center article: https://bitwarden.com/help/login-with-passkeys/

4 Likes

… and/or bypasses the new device verification… (–> Who is excluded from this account email-based new device verification?)

 

PS:

(emphasis added)

As far as I remember, the OS also must support that. (e.g. on Windows 10, even with a PRF-supporting browser and e.g. a YubiKey 5, you can’t create and use “login-with-passkey”-passkeys with encryption, as Windows 10 doesn’t support that… if MS didn’t change it in the meantime)

Thanks @Nail1684 I updated the post to direct to the Help Center article that contains more detailed info. :slight_smile:

I don’t know what you expect in this thread exactly:

I can share that for me using Linux (Ubuntu) with a Chrome based browser (Brave), login with Password works perfectly with a Yubikey. And I love this feature.

It is probably off-topic for this thread: it would be nice to be able to unlock the vault the same way.

Glad to hear that, just cleaning up the beta forum to close out old app versions and highlight ongoing beta programs.

We do have an existing feature request if you haven’t already dropped a vote: Unlock Bitwarden with 2FA, e.g. security key / YubiKey (instead of, not in addition to password)

1 Like

Yes, I find it very convenient (and secure) to access the Web Vault using a Yubikey, and when passkey login comes to the browser extension, I will finally be able to introduce some family members to Bitwarden. Any update on that?

1 Like

Windows 11, desktop and browser (Firefox) working flawlessly with various Yubikeys and Yubico Security keys.

Windows 11 is basically double the keystrokes/clicks for anything security key related, but that is not on you guys and Bitwarden passkeys are working great.

Windows 10, nearing EOL and I still have not found a way to get passkey encryption working. This is actually what prompted me to install Windows 11 finally.

Apparently Apple added support for PRF in iOS 18, so hopefully will be able to use them on iPhones soon too.

1 Like

Using this feature ever since it was announced.
Its a great way to login to your vault , without typing your master password or worry about someone shoulder surfing you.
I am waiting for this feature to be added to desktop and other clients too.
For now i am even using the web vault as a webapp on the desktop , to take advantage of this feature.

“Me too.” :slight_smile:

It’s a great gain in security and I really desire it for the mobile apps and browser extensions.

Especially with the mobile app, I would rather like to log out and log back in swiftly, instead of using biometric unlocking… nothing against that in general, but since my Android phone also works with biometric unlocking, I really miss an (relatively) easy way to make the BW mobile app “more secure” here. With easy logout/login, it wouldn’t even leave the local data on the phone.

BTW, though that request didn’t get much traction yet, I would like to point out that using more than 5 such passkeys could be needed in the future: Passkeys: Support more than 5 "login-with-passkey"-passkeys for the Bitwarden account/vault (FIDO2 passwordless login) (since more devices than “in the early days” of FIDO2, can now store passkeys - even those “with encryption”/PRF)

When I log into the Bitwarden Web Vault on my iPhone and create a passkey with encryption (PRF extension) using iCloud Keychain, I can log in without any problems on the iPhone. However, when I try to use this passkey in Chrome on Windows via QR code/BLE, the login fails. On the other hand, if I log into Chrome on Windows first and then create a passkey with encryption on my iPhone via QR code/BLE, I can log in successfully on Windows using the passkey. However, when I try to log in on my iPhone with the same passkey, it fails, even though the passkey is stored on the iPhone.

@dwbit
Quick question…is it possible that my system or my browser settings could prevent my previously working passkey from unlocking my vault properly? I have a iCloud/TouchID passkey on my macbook pro, and have attempted to login to the web client on Chrome browser…the page accepts my fingerprint biometrics, but then redirects me to “login with master password,” page. I know that my settings must be enabled properly such that the passkey allows for encryption, but theoretically, fi encryption is enabled, could this functionality still be hindered by system or browser settings? Thanks!

I am not sure why this feature is still in beta :thinking: . I have been using this for like a year and didn’t seem to find any issues. Hopefully this gets out of beta soon.
Also want to know when it would be introduced in other clients as well like the desktop app and mobile.

… Here is a thread, where I stated that question as well :wink: - and got some answers: "Login with passkeys" - what does beta mean?

… as I understood it, because it could not be implemented in the other clients from the start, was exactly the reason why they called it “Beta”. :wink:

1 Like

Works perfectly. Linux Mint, FireFox 136.0.1, Yubikey.

1 Like