Bitwarden – in our opinion the best free password manager available right now – has announced the long-awaited arrival of passkey support.
The news follows a recent declaration from the company of a toolkit to allow developers to create passkeys for their own services. But what was missing was the ability for users to actually be able to use and store passkeys within the manager.
This has now been rectified, as passkeys can now be used in place of the master password used to secure your vault, so you can log in to the open-source manager without a password. You can also store passkeys used for other services, allowing for instant login with no password at all – all you need to authenticate your identity is your smart device’s PIN or stored biometrics such as your fingerprint scan or facial features.
Passkeys are cryptographic keys that are stored on your smart device. This private key combines with the public key of the service in question to allow you to gain access to your account with that service. For this reason, they are considered phishing resistant, as no one – not even the user – knows the contents of these private keys.
The standards for passkey development and usage are set by the FIDO alliance, an open industry alliance that has tech giants including Apple, Amazon, Google, Meta and Microsoft as board members (Bitwarden is itself a sponsor-level member). Apple was at the vanguard in bringing the passwordless solution to a wider audience, with others following in itsr wake.
In order that big tech would not monopolize the technology, other popular password managers, such as 1Password and NordPass, also announced their support. Now Bitwarden has joined their ranks, and we believe it is the first free password manager to support passkeys.
“Moving from passwords to passwordless forms of authentication like passkeys will rank among the biggest technology changes of this decade,” said Michael Crandell, CEO of Bitwarden. “And it’s a core part of our mission to help users make the shift. At Bitwarden, we envision a world where nobody gets hacked. Passkeys are going to be critical in enabling us to get there.”
From summer 2023, users will be able to generate, save, and use passkeys from Bitwarden. They will also be able to login and unlock access to their vaults with them, in place of a master password.
Also, Bitwarden will be adopting a new standard for passkeys, the WebAuthn PRF extension, which the company claims “enables workflows that generate secret keys used for encrypting user vault data.”