Up again
Sad to see there doesn’t seem to be much to say as to using our bitwarden vault to store fido2 secrets and use our bitwarden clients to perform webauthn …
Exactly my thoughts. I just came to check for any news, after reading more announcements around Apple’s Sep event.
I would like to be able to store my FIDO credential in Bitwarden’s vault and then use it from there on any platform and its respective devices.
Hey everyone! Rest assured we’re keeping our eyes on this space as standards solidify! For more information, check out Yubico’s article, “A Yubico FAQ about passkeys”.
Work is still ongoing on different platforms and browser combinations to complete robust passwordless experiences with both internal and external authenticators. Platform vendors have started publicly signaling their intent to complete that work, and have reaffirmed their ongoing commitment to standards bodies such as the W3C and FIDO.
Seems like Dashlane is releasing this feature “in the coming weeks”: Ushering in the Passwordless Future at Dashlane
The Verge also wrote about it, with a demo screenshot: Dashlane is ready to replace all your passwords with passkeys
Literally what I came to post about!
Good catch + links.
Hey folks, thanks for sharing! We are big supporters of FIDO2 developments and the emergence of passkeys. There are a number of ways you can take advantage of FIDO2 today in Bitwarden, and there are more passwordless options coming. Stay tuned!
More from one of the Google blogs on this topic a couple of days ago too -
Although the QR code scanning answers one of my questions about cross platform work I’d prefer to store these logins in Bitwarden rather than Google Cloud so really looking forward to seeing what solution you come up with.
It feels like the wait-and-see approach is perhaps misguided now with Apple promoting Passkeys (WebAuthn) heavily with the launch of macOS Ventura. Does the Bitwarden team have anything concrete to share in response?
Thank you for the update. Is there any place this has been noted in the roadmaps or other publicly available documentation to refer to or only your comment at this time? I know that getting ahead of the curve on this (i.e. before everyone sets up Apple’s or Google’s passkey system which would make migrating to using Bitwarden even more difficult and a large hurdle) is important (in my personal opinion anyways) since once my friends and family start setting up passkey with their phones, getting them to switch to Bitwarden will be even harder and make the other, really powerful features of Bitwarden harder to leverage with them (like a shared Vault, file attachments, one-stop MFA via TOTP, customization and adding of custom fields, etc). While I know it’s sudden, I think this feature should really have a very high priority for the devs since being late here will probably affect Bitwarden’s long-term popularity, especially as things keep moving forward towards passkeys.
Hey @DannekRose, we update the roadmap quarterly, but rest assured the team is already working on passkey support. Bitwarden is part of the FIDO Alliance and will continue to follow and develop emerging standards.
Good to hear @dwbit - the roadmap currently says ‘passwordless login’ for 2022H2, but it’s not clear to me if this means using Bitwarden as the ‘Authenticator’ for passkey login to third parties, or merely using a (third-party-authenticated) passkey to unlock the Bitwarden vault? Thanks.
I think it just means that you use one authorized device (i.e., a device already logged in to Bitwarden) to authorize logins to Bitwarden on another device.
Passwordless logins on the current roadmap refers to using a verified mobile device (as an example) to authenticate into other clients, which is slated to be included in the November release.
Reading into what @dwbit just posted, I don’t think it means what people are asking for here. I think what it means is that instead of entering your BW vault master password and 2FA (e.g. a Yubikey) to log in to your BW vault, you will simply need to have a nearby authenticator device (i.e. a phone via bluetooth) after entering your user ID.
I do not think it means BW will have any capability to “proxy” if you will, your existing 2FA token or phone proximity (via bluetooth) to login to sites using this new “passwordless” authentication as many here are hoping. i.e. using BW as a central credential repository for these new credential tokens like it is for TOTP codes.
The use case is simple. How do I authenticate when I lose my phone? How do I enroll my new, replacement authenticator device? How can I have multiple authenticator devices enrolled? (i.e. one for me, one for my spouse/partner, and one for my “designated survivor” family member)
The above isn’t much of an issue for folks already using 2FA tokens (e.g. Yubikeys), but it will be for folks new to this and going from passwords straight to passwordless, so there isn’t an alternative 2FA to fall back on. It will likely look a lot like how we manage TOTP enrollments now. And since we can capture and use TOTP credentials within BW now, is there an articulable challenge to being unable to do exactly the same with these new FIDO2/WebAuthn credentials? i.e. unique FIDO2/WebAuthn credentials per vault entry, that are in turn, unlocked through your BW vault’s access FIDO2/WebAuthn credentials.
Yes, this feature request is about storing passkeys, but there is a secondary discussion that we can break out into a new post in the ‘ask the community’ section if needed, regarding using other devices to authenticate instead of master password (using confirmed devices) which is slated for the November release.
Confirming a device is as simple as logging into Bitwarden once on that device and then checking a tick box in the settings menu for ‘approve login requests’.
Thank you, @dwbit. I agree there are two discussions. What’s coming to BW is WebAuthn/FIDO2 proximity authentication (aka “passwordless”) for BW itself - logging into your vault.
The other discussion (mixed into this one) is about using BW as a manager for these new credentials (alongside passwords and TOTPs) with the individual entries of our vaults. That’s what could be broken out as a separate topic as a feature request, maybe after the dust settles from rolling out the new capability.
My understanding is that this feature request is already about storing these new credentials (WebAuthn/FIDO2/passkeys) in your vault. You seem to be suggesting that topic should be a separate feature request, unless I’m misreading.
The passwordless feature already on the roadmap refers to something else (as clarified by @dwbit), while the feature discussed here is being worked on but not on the roadmap due to it being updated quarterly.
That is very explicitly this discussion in the OP:
Any updates on this?