Sign into Bitwarden with a Passkey (Google, Apple, Microsoft)

With iOS 15.4 it appears there is support for the new “passwordless” spec that Apple, Google and Microsoft are promoting. When I try WebAuthn from Mac Safari, one of the options is “iPhone, iPad or Android Device (Use passkey from a device with a camera)”. This would be a fantastic replacement for physical Yubico keys I think.

When I follow the process, it shows me a QR Code which I scan from my phone, which then leads to a popup that says that there are no passkeys for vault.bitwarden.com in my iCloud Keychain.

Any idea when this will be available?

Edit: Apple Developer Documentation

1 Like

This is getting more important now that Apple has shown it again during this year’s WWDC and more companies really putting their weight behind it. I will have to look into account recovery of this feature some more, because I don’t want my iPhone to be a single point of failure, potentially locking me out of all accounts. But I’m generally wondering how bitwarden’s role might evolve in a passwordless future. Would be interesting to get your thoughts on it @kspearrin

4 Likes

+1, using bitwarden with bitwarden_rs makes my password manager ecosystem free of centralized cloud solutions, and i’d like to keep it that way.

What’d be interesting is how open Google and Microsoft will be with this implementation, and if it means that bitwarden needs to position itself more to a system level, rather than an extension level, or (like enpass) link the two together.

Thanks for the feedback everyone! Here is a recent post from the Bitwarden team:

rest assured that Bitwarden is firmly committed to the FIDO Alliance (going on our 3rd year as a member) and developing FIDO2/WebAuthn functionality beyond the use cases in place now. the ideas and suggestions are welcome, Bitwarden remains active in this area, and we look forward to more ahead!

2 Likes

Hi @rotor,

Is this request is about supporting the storage of Passkeys, which are simply FIDO2/WebAuthn keys under the hood, within the Bitwarden vault? If so it may be a duplicate of

Or are you more so asking to login to your Bitwarden Vault with the use of a Passkey, in place of a Yubikey for passwordless login to your vault?

This one. Being able to authenticate to BitWarden with my iPhone/iPad/Mac (instead of a YubiKey/Cisco Duo) seems pretty nifty. I don’t know what the security implications are though.

Thanks for the feedback @rotor, currently you can use a passkey as 2FA (FIDO2 WebAuthn) on iOS for example (the team is still working on making the web vault mobile friendly).

The team is definitely tuned into passkey support, so expect more to come!

Two-step login using FIDO2 WebAuthn authenticators is available for premium users, including members of paid organizations (families, teams, or enterprise).

Any FIDO2 WebAuthn Certified authenticator can be used, including security keys such as YubiKeys, SoloKeys, and Nitrokeys, as well as native biometrics options like Windows Hello and Touch ID.

1 Like

I’ve been really happy with the WebAuthn option in Bitwarden. Unfortunately, the description is not as user-friendly as it could be. The ability to use any of the Windows Hello options is not clearly explained to users. When setting up a new WebAuthn key, Bitwarden asks the user for a “security key,” which usually indicates a hardware token.

I believe that a choice may have been made here in an attempt to save users from themselves from setting up a WebAuthn key that’s not portable like a Yubikey. In order to change the language here, Bitwarden needs to expand support for the “Log in with device” option to include any device where the user has signed into their Bitwarden account including desktop and web vaults.

Will this be part of the plan in Bitwarden’s implementation of Passkey support?

Pioneering an extended multi-master key SQRL , that’s what I’d love seeing Bitwarden do. Better than these platform-bound “passkeys”.

Hey @seanchristians passkey standards are still in development and product support and terminology around this will change overtime as things solidify.