January 11, 2024 at 02:41PM
Bitwarden password manager now allows users to log into their web vaults using passkeys, a more secure and phishing-resistant alternative to traditional passwords. The implementation relies on the PRF WebAuthn extension for encryption and decryption. Users can register passkeys using a hardware security key, increasing security without sacrificing convenience. The feature is available in compatible browsers during the beta phase.
Based on the meeting notes, the key takeaways are:
1. Bitwarden has introduced passkeys which can be used as a more secure alternative to standard username and password pairs for logging into web vaults.
2. Passkeys are phishing-resistant and allow users to decrypt their vault without the need for a master password, email address, or two-factor authentication.
3. Bitwarden’s implementation of passkeys relies on the PRF WebAuthn extension for both user authentication and encryption/decryption of vault data.
4. Passkeys are created using hardware security keys and is an emerging standard that allows the generation of symmetric encryption keys from an authenticator when used with a compatible browser.
5. During the beta phase, Bitwarden allows users of all plans to set up a maximum of five passkeys for the web app.
6. The feature is currently available in Chromium-based browsers that support PRF WebAuthn, with plans to extend it to more clients in the future.
Let me know if you need further details on any specific point!