🔑 Log in with Passkeys beta

dwbit · February 14, 2025, 3:47am

Hey everyone, let us know if you’ve had a chance to try out signing into your Bitwarden account with a passkey!

You can also store the passkey on a hardware key protected by a pin that wipes data after X number of failed attempts.

Passkeys only work on the originating website, so it’s a great way to avoid falling prey to a phishing site.

More information in the Help Center article: https://bitwarden.com/help/login-with-passkeys/

Nail1684 · February 14, 2025, 10:41am

… and/or bypasses the new device verification… (–> Who is excluded from this account email-based new device verification?)

PS:

(emphasis added)

As far as I remember, the OS also must support that. (e.g. on Windows 10, even with a PRF-supporting browser and e.g. a YubiKey 5, you can’t create and use “login-with-passkey”-passkeys with encryption, as Windows 10 doesn’t support that… if MS didn’t change it in the meantime)

dwbit · February 14, 2025, 1:03pm

Thanks @Nail1684 I updated the post to direct to the Help Center article that contains more detailed info.

mlec · February 14, 2025, 1:32pm

I don’t know what you expect in this thread exactly:

I can share that for me using Linux (Ubuntu) with a Chrome based browser (Brave), login with Password works perfectly with a Yubikey. And I love this feature.

It is probably off-topic for this thread: it would be nice to be able to unlock the vault the same way.

dwbit · February 14, 2025, 1:33pm

Glad to hear that, just cleaning up the beta forum to close out old app versions and highlight ongoing beta programs.

We do have an existing feature request if you haven’t already dropped a vote: Unlock Bitwarden with 2FA, e.g. security key / YubiKey (instead of, not in addition to password)

grb · February 16, 2025, 2:16am

Yes, I find it very convenient (and secure) to access the Web Vault using a Yubikey, and when passkey login comes to the browser extension, I will finally be able to introduce some family members to Bitwarden. Any update on that?

Ayitaka · February 17, 2025, 5:28pm

Windows 11, desktop and browser (Firefox) working flawlessly with various Yubikeys and Yubico Security keys.

Windows 11 is basically double the keystrokes/clicks for anything security key related, but that is not on you guys and Bitwarden passkeys are working great.

Windows 10, nearing EOL and I still have not found a way to get passkey encryption working. This is actually what prompted me to install Windows 11 finally.

Apparently Apple added support for PRF in iOS 18, so hopefully will be able to use them on iPhones soon too.

Gaurav · February 26, 2025, 10:51am

Using this feature ever since it was announced.
Its a great way to login to your vault , without typing your master password or worry about someone shoulder surfing you.
I am waiting for this feature to be added to desktop and other clients too.
For now i am even using the web vault as a webapp on the desktop , to take advantage of this feature.

Nail1684 · February 26, 2025, 12:00pm

“Me too.”

It’s a great gain in security and I really desire it for the mobile apps and browser extensions.

Especially with the mobile app, I would rather like to log out and log back in swiftly, instead of using biometric unlocking… nothing against that in general, but since my Android phone also works with biometric unlocking, I really miss an (relatively) easy way to make the BW mobile app “more secure” here. With easy logout/login, it wouldn’t even leave the local data on the phone.

BTW, though that request didn’t get much traction yet, I would like to point out that using more than 5 such passkeys could be needed in the future: Passkeys: Support more than 5 "login-with-passkey"-passkeys for the Bitwarden account/vault (FIDO2 passwordless login) (since more devices than “in the early days” of FIDO2, can now store passkeys - even those “with encryption”/PRF)

passkeydemo · February 27, 2025, 10:59pm

When I log into the Bitwarden Web Vault on my iPhone and create a passkey with encryption (PRF extension) using iCloud Keychain, I can log in without any problems on the iPhone. However, when I try to use this passkey in Chrome on Windows via QR code/BLE, the login fails. On the other hand, if I log into Chrome on Windows first and then create a passkey with encryption on my iPhone via QR code/BLE, I can log in successfully on Windows using the passkey. However, when I try to log in on my iPhone with the same passkey, it fails, even though the passkey is stored on the iPhone.

jd.bw · February 28, 2025, 12:30am

@dwbit
Quick question…is it possible that my system or my browser settings could prevent my previously working passkey from unlocking my vault properly? I have a iCloud/TouchID passkey on my macbook pro, and have attempted to login to the web client on Chrome browser…the page accepts my fingerprint biometrics, but then redirects me to “login with master password,” page. I know that my settings must be enabled properly such that the passkey allows for encryption, but theoretically, fi encryption is enabled, could this functionality still be hindered by system or browser settings? Thanks!

Gaurav · March 9, 2025, 8:48am

I am not sure why this feature is still in beta . I have been using this for like a year and didn’t seem to find any issues. Hopefully this gets out of beta soon.
Also want to know when it would be introduced in other clients as well like the desktop app and mobile.

Nail1684 · March 9, 2025, 10:49am

… Here is a thread, where I stated that question as well - and got some answers: "Login with passkeys" - what does beta mean?

… as I understood it, because it could not be implemented in the other clients from the start, was exactly the reason why they called it “Beta”.

johan · March 15, 2025, 12:33pm

Works perfectly. Linux Mint, FireFox 136.0.1, Yubikey.

codreanuradu · April 17, 2025, 6:59am

I wanted to add a passkey from Android, from Chrome browser but then Bitwarden itself tried to store the passkey. What’s the correct way of doing this? It seems odd that I would save the Bitwarden website passkey, in Bitwarden - so I didn’t, just like I don’t have a Bitwarden login entry in Bitwarden. (Also a bit off topic but it’s odd that items for which Bitwarden saves passkeys display no indication of this.)

Micah_Edelblut · April 17, 2025, 12:24pm

It’s really up to you where you’d like to save your Bitwarden passkeys - there isn’t a correct way of doing it. You could save your Bitwarden passkey in Bitwarden. We do try to prevent this in some cases, because having this sort of “I need Bitwarden to access Bitwarden” setup isn’t great, but as a backup it’s fine.

codreanuradu · April 17, 2025, 12:39pm

Hi Micah, I appreciate the reply, and I realize I didn’t ask the right question. If one wants to use their device (Android smartphone in this case) biometrics, in order to set the Bitwarden passkey, how would one achieve that? Like do I have to choose Google as the auto fill provider, or some authenticator app? Doesn’t Android have some default way to store these, like in the case of a Windows machine via Windows Hello for example? So basically to use the device vanilla option that’s there for all basic biometric unlocks. Sorry for the lack of tech savvyness in this regard. Thanks!

Micah_Edelblut · April 17, 2025, 1:00pm

To achieve that effect, you’d want to set up Google Password Manager to be an autofill provider on your android device. I’m not super familiar with this setup, but I think it would mean that every time you’re autofilling from Bitwarden it might also surface Google Password Manager as an option.

codreanuradu · April 17, 2025, 2:31pm

Thanks, I guess I’ll have to do some testing. I think Bitwarden is super useful to have as the default autofill provider, it’s just setting it up for this very specific use case where you want to add the passkey for Bitwarden itself. I think it makes sense to have it set up for all of one’s devices. Appreciate your help, cheers!