Strengthen encryption with hardware/platform key

Ah. Got it. I think much of this information is already available via the Alliance, plus Apple and Google’s new implementation of passkeys. may also be a place to scour. I think a key unknown is migration of keys, something that the Google/M$/Apple’s of the world are nervous about. They like their walled gardens but they frame their concern re: exports in terms of security vulnerability, which may also be true. Set up a passkey for Apple on eBay and then try to export that key. It’s currently limited to Airdrop when I last checked. This needs to be resolved for a Bitwarden solution to fully take flight, I think.

The following shows confirmation that newer Series 5 Yubikeys, with firmware 5.2, support the hmac-secret CTAP extension:

(go to bottom of the article)

Does this extension need to be supported by all the browsers on all the platforms supported by BW? :thinking:

Honestly, I’m not super sure of the implementation details, but the hope is that given the hmac extension has been adopted by FIDO2, then it should be usable in all the places FIDO2 can be used.

It looks like there is some chatter about this on neighboring password managers: