Store WebAuthn/FIDO2 Credentials in Bitwarden (Passkey support)

Seems like Dashlane is releasing this feature “in the coming weeks”: Ushering in the Passwordless Future at Dashlane

The Verge also wrote about it, with a demo screenshot: Dashlane is ready to replace all your passwords with passkeys


Literally what I came to post about!

Good catch + links.


Hey folks, thanks for sharing! We are big supporters of FIDO2 developments and the emergence of passkeys. there are a number of ways you can take advantage of FIDO2 today in Bitwarden, and there are more passwordless options coming. stay tuned!


More from one of the Google blogs on this topic a couple of days ago too -

Although the QR code scanning answers one of my questions about cross platform work I’d prefer to store these logins in Bitwarden rather than Google Cloud so really looking forward to seeing what solution you come up with.


It feels like the wait-and-see approach is perhaps misguided now with Apple promoting Passkeys (WebAuthn) heavily with the launch of macOS Ventura. Does the Bitwarden team have anything concrete to share in response?


Hey @Yeroc the team is already working on passkey support :+1:


Thank you for the update. Is there any place this has been noted in the roadmaps or other publicly available documentation to refer to or only your comment at this time? I know that getting ahead of the curve on this (I.e. before everyone sets up Apple’s or Google’s passkey system which would make migrating to using Bitwarden even more difficult and a large hurdle) is important (in my personal opinion anyways) since once my friends and family start setting up passkey with their phones, getting them to switch to Bitwarden will be even harder and make the other, really powerful features of Bitwarden harder to leverage with them (like a shared Vault, file attachments, one-stop MFA via TOTP, customization and adding of custom fields, etc). While I know it’s sudden, I think this feature should really have a very high priority for the devs since being late here will probably affect bitwarden’s long-term popularity, especially as things keep moving forward towards passkeys.


Hey @DannekRose we update the roadmap quarterly, but rest assured the team is already working on passkey support :+1: Bitwarden is part of the Fido Alliance and will continue to follow and develop emerging standards.


Good to hear @bw-admin :slight_smile: - the roadmap currently says ‘passwordless login’ for 2022H2, but it’s not clear to me if this means using Bitwarden as the ‘Authenticator’ for passkey login to third parties, or merely using a (third-party-authenticated) passkey to unlock the Bitwarden vault? Thanks.

I think it just means that you use one authorized device (i.e., a device already logged in to Bitwarden) to authorize logins to Bitwarden on another device.

Passwordless logins on the current roadmap refers to using a verified mobile device (as an example) to authenticate into other clients, which is slated to be included in November release.

1 Like

Reading into what @bw-admin just posted, I don’t think it means what people are asking for here. I think what it means is that instead of using entering your BW vault master password and 2FA (e.g. a Yubikey) to login to your BW vault, you will simply need to have a nearby authenticator device (i.e. a phone via bluetooth) after entering your user ID.

I do not think it means BW will have any capability to “proxy” if you will, your existing 2FA token or phone proximity (via bluetooth) to login to sites using this new “passwordless” authentication as many here are hoping. i.e. using BW as a central credential repository for these new credential tokens like it is for TOTP codes.

The use case is simple. How do I authenticate when I lose my phone? How do I enroll my new, replacement authenticator device? How can I have multiple authenticator devices enrolled? (i.e. one for me, one for my spouse/partner, and one for my “designated survivor” family member)

The above isn’t much of an issue for folks already using 2FA tokens (e.g. Yubikeys), but it will be for folks new to this and going from passwords straight to passwordless, so there isn’t an alternative 2FA to fall back on. It will likely look a lot like how we manage TOTP enrollments now. And since we can capture and use TOTP credentials within BW now, is there an articulable challenge to being unable to do exactly the same with these new FIDO2/WebAuthn credentials? i.e. unique FIDO2/WebAuthn credentials per vault entry, that are in turn, unlocked through your BW vault’s access FIDO2/WebAuthn credentials.

Yes, this feature request is about storing passkeys, but there is a secondary discussion that we can break out into a new post in the ‘ask the community’ section if needed, regarding using other devices to authenticate instead of master password (using confirmed devices) which is slated for the November release.

Confirming a device is as simple as logging into Bitwarden once on that device and then checking a tick box in the settings menu for ’ approve login requests’

Thank you, @bw-admin. I agree there are two discussions. What’s coming to BW is WebAuthn/FIDO2 proximity authentication (aka “passwordless”) for BW itself - logging into your vault.

The other discussion (mixed into this one) is about using BW as a manager for these new credentials (alongside passwords and TOTPs) with the individual entries of our vaults. That’s what could be broken out as a separate topic as a feature request, maybe after the dust settles from rolling out the new capability.

My understanding is that this feature request is already about storing these new credentials (WebAuthn/FIDO2/passkeys) in your vault. You seem to be suggesting that topic should be a separate feature request, unless I’m misreading.

The passwordless feature already on the roadmap refers to something else (as clarified by @bw-admin), while the feature discussed here is being worked on but not on the roadmap due to it being updated quarterly.

That is very explicitly this discussion in the OP:


Any updates on this?

Hey @apastuszak this one is currently in research and development, and we will be sure to share updates as they become available :+1:


Microsoft, Google, and Apple have announced support for the FIDO2 passwordless initiative that media are calling “Passkeys”. Because Passkeys creates a new key pair for each web site login, there is the issue of moving all these key pairs among devices. I am sure that Google will do that for Android and Chrome and Apple will do it for their iPhones and Macs, but what about between Android and Apple or Linux?

Would Bitwarden be able to support the new Passkeys cross-platform like it does with current passwords? I want to sync Android to Linux desktop and I will wait for Bitwarden to support this, if the feature will be added.


Hello @kwe

Bitwarden does currently support FIDO2 WebAuthn for MFA verification in addition to your master password for vault unlocking.

Bitwarden doesn’t support using these “passkeys” to login in leui of the master password yet, but there is a current similar feature request for this to be supported. Though like most things in adopting to FIDO2 password less login fully will take quite a bit of engineering on the backend to integrate.

1 Like