Feature: Store WebAuthn/FIDO2 Credentials in Bitwarden
- What will this feature do differently?
Allow Bitwarden to be used as a WebAuthn authenticator (and synchronize WebAuthn soft tokens between devices)
- What benefits will this feature bring?
WebAuthn soft tokens can be synchronized in a cross-platform way between devices
Related topics + references
NOTE: This is NOT a request to be able to log in to Bitwarden with FIDO2/WebAuthn I am aware that functionality already exists. Instead, the idea is to be able to securely generate/store WebAuthn credentials used to log in to various websites in a way easily portable across platforms/devices.
This was discussed on Security Now! shows #870 874, 875
1Password has stated they will be doing this: We’ve joined the FIDO Alliance to build a better future for authentication | 1Password
LastPass may be doing this but their press release is a mess and unclear on exactly what they are doing: LastPass is First Password Manager Committed to a FIDO-Supported Passwordless Future - The LastPass Blog
I think this is a great idea, Ben. I currently use an app called IDmelon that turns my phone into a WebAuthn authentication device, and it works very well. Embedding that same functionality within Bitwarden would be a fabulous feature, and it would put Bitwarden ‘ahead of the technology curve’ of their competitors.
I’m a bit frightened to see how hard it was for me to find that feature request and how little interest it seems to have raised…
For me it seems obvious that storing the private key for passwordless webauthn in bitwarden is an obvious next step, as simple in the beginning as just storing another type of credentials, with the extra complexity on all client apps to integrate the proper APIs to actually get the opportunity to answer the challenge using that private key…
No denying there is a ton of work behind that, just astonished that it hasn’t already made its way into the very top of the roadmap…
thanks @ToXiC @dh024 @bfranske! As @ToXiC indicated there is a lot behind the discussions here but rest assured that Bitwarden is firmly committed to the FIDO Alliance (going on our 3rd year as a member) and developing FIDO2/WebAuthn functionality beyond the use cases in place now. the ideas and suggestions are welcome, Bitwarden remains active in this area, and we look forward to more ahead!