Bitwarden – in our view the best free password manager around – has announced Bitwarden Passwordless.dev, a toolkit to allow developers to integrate passkeys into consumer websites and enterprise applications.
Passkeys allow for completely passwordless logins, where, rather than the user having to come up with a custom string to secure their account – perhaps with the help of the best password generator – a cryptographic key is automatically generated on device (if it supports them) that no one has any knowledge of – not even the user.
For this reason, they are thought to be resistant to phishing, and also far more convenient as there is no need to rely on your memory or type anything in. All you need to authenticate your identity is whatever you use to lock your smart device – such as your PIN number, fingerprint or face.
Passkeys are regulated by the FIDO alliance – specifically the FIDO2 (opens in new tab) set of specifications. Most big tech companies are board-level members of the alliance, including Apple, Amazon, Google, and Microsoft. Apple were the leaders of the pack in supporting their use, with the others following suit.
However, there are concerns that these companies could monopolize their use, tethering users to their own platforms by making them the only option to store and use passkeys.
Other password managers, though, have stepped up to the plate and now support – or will in the near future – the storage of passkeys on their cross-platform systems, including 1Password and NordPass.
Bitwarden acquired passwordless.dev back in January, so we knew then it was likely on its way to joining them. And it is now one step closer to supporting passkeys with this new toolkit now launching in general availability. As far as we can tell, Bitwarden is the first free password manager to support passwordless solutions.
But it has gone one step further than the others, by offering a toolkit to allow developers to create passkey authentication experiences for existing applications. This means they can potentially have a much wider implementation than they currently do. Only a handful of services, such as Google, PayPal, eBay and BestBuy allow users to use passkeys to login in to their respective accounts.
In Bitwarden’s own words, the toolkit has an “an extensive, easy-to-deploy API for integrating FIDO2 WebAuthn-based passkeys into consumer websites and enterprise applications.”
The company’s own research also found that most people are excited (opens in new tab) about a passwordless future, yet IT leaders are reluctant to implement passkeys (opens in new tab) because their applications are not designed for them. Bitwarden hopes to again to address this with the new toolkit.
The firm claims that it only takes “a few lines of code” to get passkeys up and running for existing applications. There is also an admin console in the toolkit so developers can configure applications, manage user attributes, and gain insight into passkey usage.
“Passwordless authentication is rapidly gaining traction because it offers a more secure and streamlined way for users to log into websites and applications,” said Michael Crandell, CEO of Bitwarden.
He added, “Bitwarden empowers developers with the flexibility and tools they need to implement passkey-based authentication quickly and easily, ultimately enabling better user experiences while maintaining the highest levels of security.”