With iOS 15.4 it appears there is support for the new “passwordless” spec that Apple, Google and Microsoft are promoting. When I try WebAuthn from Mac Safari, one of the options is “iPhone, iPad or Android Device (Use passkey from a device with a camera)”. This would be a fantastic replacement for physical Yubico keys I think.
When I follow the process, it shows me a QR Code which I scan from my phone, which then leads to a popup that says that there are no passkeys for vault.bitwarden.com in my iCloud Keychain.
Any idea when this will be available?
Edit: Apple Developer Documentation
This is getting more important now that Apple has shown it again during this year’s WWDC and more companies really putting their weight behind it. I will have to look into account recovery of this feature some more, because I don’t want my iPhone to be a single point of failure, potentially locking me out of all accounts. But I’m generally wondering how bitwarden’s role might evolve in a passwordless future. Would be interesting to get your thoughts on it @kspearrin
+1, using bitwarden with bitwarden_rs makes my password manager ecosystem free of centralized cloud solutions, and i’d like to keep it that way.
What’d be interesting is how open Google and Microsoft will be with this implementation, and if it means that bitwarden needs to position itself more to a system level, rather than an extension level, or (like enpass) link the two together.
Thanks for the feedback everyone! Here is a recent post from the Bitwarden team:
rest assured that Bitwarden is firmly committed to the FIDO Alliance (going on our 3rd year as a member) and developing FIDO2/WebAuthn functionality beyond the use cases in place now. the ideas and suggestions are welcome, Bitwarden remains active in this area, and we look forward to more ahead!