Hi,
Do you think it is safe to use the new passkeys function?
So far, when logging in, e.g. to a Google account, I used a password + U2F key. Currently, I can save both the password and passkeys in Bitwarden and log in to my Google account very conveniently. But how safe is such a solution?
Why don’t passkeys have any additional security? If I use a physical U2F key, if someone gains access to my Bitwarden, I still won’t log in to my Google account because they don’t have access to the U2F key. When passkeys are enabled in Bitwarden, when someone gains access to Bitwarden, they automatically have access to all my accounts.
Why isn’t there an additional password/PIN or other security so that logging in to Bitwarden does not allow access to other accounts?
Secondly, why CAN’T it be turned off? On every website where I use U2F, I have to click use browser and then I can log in. I would like to be able to disable passkeys from Bitwarden.
Safe enough that major tech companies consider it to be the primary login method.
Because it already does and it’s built in. In order to access your BW vault they need to biometrically authenticate.
Your BW login IS that additional password/pin.
It’s been stated many times already that it’s coming soon.
Overall it sounds like you don’t understand what passkeys are. Please read up on this topic. There are many sources online that explain and document it in great detail.