Log in with passkeys in Bitwarden (BETA)

👀

BETA feature that will allow you to log in to your web vault using a passkey. That’s pretty cool!

6 Likes

Uuu new shiny. Tx 4 heads up.

Only for the web vault, it seems.

That’s one thing that I don’t understand about Bitwarden: Features are not consistently supported across all product platforms. For example, hardware keys are still not supported in the macOS desktop app.

This feature brings an additional use case and is one of the most requested features in their forums for the past 2-3 years.

Though you should be aware that enabling passwordless logins (i.e. passkeys) will bring you convenience as well as some risk.
Your passkey or security key would be able to bypass any 2FA method, thereby making it very powerful.
Considering all other passwords are stored here, the security of all accounts depends on just a single factor.

In the master password route, you at least have something that nobody else knows, as it stays in your mind, combined with a 2FA method. So there is no single point of failure in your security practice.

You might want to hold on to your master password for your password manager at least.
Using passkeys for any other service would be just fine.

This feature would be more suitable for organisation uses.

2 Likes

Is it possible to have a passkey in addition to a master password? Rather than just one or the other?

Would that be the best for security if you had to use both to log in? With no key or no password an adversary could not access your account.

I don’t know if this is possible, or even if this is how it works, though.

1 Like

What you want was already a thing. FIDO2 is exactly the same technology and still works, so yes.

It depends on the setup. From what I have seen, most passkey integrations still require a PIN in addition to having the physical device. To me that is a pretty acceptable solution. That’s what I found stupid in the way Bitwarden integrated passkeys now in their add-ons. It just allows you to blindly use it, whereas if you use native passkeys it prompts for authentication.

For organizations especially, weak passwords are still a big issue; we can now finally start to eliminate this. I'd rather have people use passkeys with PIN protection than keep trying to change user behaviour. Well, the latter will always remain a thing; it is really hard to achieve.

1 Like

Wouldn’t you need both the key itself as well as the PIN to unlock the passkey?

Well, you still need to log into that Bitwarden client which is protected by the master password.