Passkey attestation for MS Entra ID

Hello.

I was looking at enabling Passkey authentication for my organization and came across this article:

It lists a ton of different hardware and software Passkey providers, but it seems like Bitwarden is not listed there. How come? Would be nice if it was compatible so that folks could use Bitwarden as their passkey provider.

It is a list of hardware security keys. Bitwarden can’t be listed there.

:face_with_diagonal_mouth: It seems like you didn’t actually look at the list.

It includes software too:

  • Allthenticator Android App
  • Allthenticator iOS App
  • Egomet FIDO2 Authenticator for Android
  • IDmelon Android Authenticator
  • IDmelon iOS Authenticator
  • ImproveID Authenticator
  • RSA Authenticator 4 for Android
  • RSA Authenticator 4 for iOS
  • VeridiumID Passkey Android SDK
  • VeridiumID Passkey iOS SDK

And there are probably more software solutions in that list that I just don’t recognize from their names.

Biometrics, USB, NFC and Bluetooth methods are achieved using your phone’s hardware.

There is a problem with this – attestation doesn’t work with syncable passkeys, AFAIK, and Bitwarden uses syncable passkeys:

(–> What is Attestation in WebAuthn?)

Those apps you listed all just seem to be able to use other roaming authenticators, like physical security keys again – e.g.:

PS: From another page there, section “Reasons Why Attestation May Not Be Supported”:

(–> Why do some platforms not support attestation for passkeys?)

Though I’m neither sure if it is completely impossible nor if it will never be implemented for syncable passkeys as well…

1 Like

“Hardware” vs “software” really is not the defining characteristic. More relevant is if the passkey is device-bound or is syncable. Bitwarden is by its very nature a “syncable” passkey provider. I suspect that the listed Android and iOS apps use technologies (e.g. the local TPM) to device-bind the passkey.

As much as I would like to see Bitwarden make that list, I currently see three roadblocks:

  1. Microsoft, today, only supports device-bound passkeys, although they have plans to support syncable.
  2. The FIDO Alliance today only supports (pg 7, 1st paragraph) attestation for device-bound Passkeys, although they (AFAIK) plan to expand support.
  3. Bitwarden today does not properly support user-verification, which likely would preclude them from achieving any attestation.

2 Likes

Off-topic:

Apparently, with the October update, they have introduced syncable passkeys via third-party providers, currently 1Password. Maybe it’s on the horizon for Bitwarden as well.

The Verge article stating “soon” is from Oct 2024, just about a year ago. The MS link OP had is from a month ago reporting “plans to”. This year’s ignite is about a month out. Maybe the timeline will graduate to “just around the corner”.

1 Like

The reason I started looking at that page is because of MC1097225 (MC1097225 - Entra ID: Upcoming changes to support passkey profiles in the authentication methods policy (preview) | Microsoft 365 Message Center Archive)

It states:

As part of this update in November 2025, if Enforce attestation is disabled, we will start accepting security key or passkey providers using the following attestation statements:

  • “none”
  • “tpm”
  • “packed” (AttCA type only)
  • Custom attestation formats ≤ 32 characters
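As an added illustration (not code from this thread or from Microsoft), here is a minimal relying-party-side check that decodes a WebAuthn attestationObject and classifies its attestation statement format against the rule quoted above. It assumes that “packed (AttCA type only)” means a packed statement that carries an x5c certificate chain (as opposed to self-attestation); the CBOR helpers and the sample inputs are constructed for the example.

```python
# Added example, not the thread's or Microsoft's code. Assumption: "packed (AttCA type only)"
# means a packed attestation statement that carries an x5c certificate chain.
def _hdr(major, n):
    return bytes([major << 5 | n]) if n < 24 else bytes([major << 5 | 24, n])

def cbor_encode(v):
    """Minimal CBOR encoder (int, bytes, str, list, dict; lengths < 256) for samples."""
    if isinstance(v, int):
        return _hdr(0, v) if v >= 0 else _hdr(1, -1 - v)
    if isinstance(v, bytes):
        return _hdr(2, len(v)) + v
    if isinstance(v, str):
        return _hdr(3, len(v)) + v.encode()
    if isinstance(v, list):
        return _hdr(4, len(v)) + b"".join(map(cbor_encode, v))
    return _hdr(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())

def cbor_decode(buf, pos=0):
    """Minimal CBOR decoder for the same subset; returns (value, next_pos)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    if info > 24 or major > 5:
        raise ValueError("unsupported CBOR item")
    arg, pos = (info, pos + 1) if info < 24 else (buf[pos + 1], pos + 2)
    if major in (0, 1):
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):
        raw = buf[pos:pos + arg]
        return (raw if major == 2 else raw.decode()), pos + arg
    items = []
    for _ in range(arg * (2 if major == 5 else 1)):  # a map holds arg key/value pairs
        item, pos = cbor_decode(buf, pos)
        items.append(item)
    return (dict(zip(items[::2], items[1::2])) if major == 5 else items), pos

REGISTERED_FMTS = {"packed", "tpm", "android-key", "android-safetynet", "fido-u2f", "apple", "none"}

def newly_accepted_fmt(attestation_object):
    """(accepted, reason) under the 'Enforce attestation disabled' rule quoted above."""
    att, _ = cbor_decode(attestation_object)
    fmt, stmt = att["fmt"], att.get("attStmt", {})
    if fmt in ("none", "tpm"):
        return True, fmt
    if fmt == "packed":  # AttCA = backed by a certificate chain; self-attestation has no x5c
        return "x5c" in stmt, ("packed AttCA" if "x5c" in stmt else "packed self-attestation")
    if fmt not in REGISTERED_FMTS:  # anything outside the IANA fmt registry is custom
        return len(fmt) <= 32, f"custom fmt of {len(fmt)} chars"
    return False, f"{fmt} is not covered by the quoted rule"

def sample(fmt, stmt):  # constructed attestationObject; authData shortened to a placeholder
    return cbor_encode({"fmt": fmt, "attStmt": stmt, "authData": b"\x00" * 4})
```

Formats in the registry that the quoted text does not name (e.g. fido-u2f) are reported as “not covered” rather than rejected, since the announcement only lists what is newly accepted.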

Here’s another one: I did misread the date on the Verge article😅, but I was already aware of the patch’s release details, with 1Passkey integration.

I guess this answers that (link is set to 6:26 minutes in):

PS: Authenticate 2024 was about a year ago (the video is from 8 months ago)…

2 Likes

Very interesting video. Thank you for sharing it. From what I understood towards the end of the Q&A, a user will have a choice whether a passkey is device-bound or synced. I had the impression that a site makes that decision, not the user. :thinking:

But ultimately, this is about consumer Windows, not Entra.

1 Like

In general, it was always both.

A site / relying party can restrict it… but when it’s not restricted, you can decide if you e.g. want to store it in Bitwarden (and thereby make it a syncable passkey) or store it on your physical security key (and thereby make it a device-bound passkey).