Bitwarden has rolled out support for passwordless login via passkeys across its browser extensions and web vault, allowing users to authenticate without entering a username, password, or two-factor code.
The update leverages the emerging PRF WebAuthn extension, positioning Bitwarden among the first password managers to deliver passkey-based login with full end-to-end encryption.
The new feature builds on the company's recent passkey initiatives and completes a rapid sequence of updates. Just last week, Bitwarden introduced native support for storing and managing passkeys within its vault, including integration with Windows 11's system-level credential management.
The key innovation in this release lies in the use of the PRF (Pseudo-Random Function) WebAuthn extension, a nascent but powerful standard. Unlike conventional passkeys, which are not directly usable for decryption due to their ephemeral nature, the PRF extension enables deriving a stable encryption key from a passkey. This allows Bitwarden to both authenticate the user and decrypt their vault in a single, seamless operation, without requiring passwords or recovery keys.
Founded in 2016, Bitwarden is an open-source password manager used by millions globally. It is widely adopted among privacy-conscious individuals and organizations, offering robust end-to-end encryption and a transparent development model. The addition of passkey login for its most-used interface, the browser extension, marks a critical step in aligning the platform with the FIDO Alliance's vision of a passwordless future.
Currently, the passkey login feature is in beta and supports Chromium-based browsers, including Google Chrome, Microsoft Edge, and Brave. Users can register up to five PRF-compatible passkeys per account. Those using passkeys from providers that do not yet support the PRF extension can still authenticate using the passkey, but will need to input their master password for decryption.
This move comes shortly after Bitwarden announced integration of its desktop application with Windows 11, enabling the OS to natively recognize Bitwarden as a passkey provider. This partnership with Microsoft allows users to create and use passkeys outside the browser, with private keys never leaving the device and vault contents remaining encrypted during synchronization.
For users, the benefits are immediate and practical. Logging in with a passkey is faster, more secure, and resistant to phishing, as the cryptographic keys are bound to the domain and cannot be intercepted or reused elsewhere. This implementation also removes common friction points, such as remembering login credentials or managing two-factor codes.
While this release does not yet allow passkey-based unlocking of a timed-out vault session, Bitwarden confirmed that the capability will arrive in an upcoming update. The feature suite is available to all users, including those on the free plan.
Leave a Reply