Bitwarden launches passkey login on Windows 11. The system prevents phishing while maintaining management capabilities within organizations.
Bitwarden makes it possible to log in to Windows 11 devices using passkeys. The functionality offers a phishing-resistant way to gain direct access to the desktop without passwords. Bitwarden introduced the feature in beta late last year. Users can use their passkey from the Bitwarden vault to authenticate via a QR code.
Passkeys replace traditional passwords with cryptographic credentials stored in the Bitwarden vault. During login, Windows displays a QR code that can be scanned with a mobile device. This allows the user to confirm access to the passkey without exchanging shared secrets.
Scanning the QR code
When starting a Windows 11 device, a QR code appears on the screen. Users then scan this code with their smartphone, after which the Bitwarden app uses the passkey from the vault to complete the authentication. The process is entirely passwordless and utilizes cryptographic keys tied to the device, the user, and the origin of the request.
This method is phishing-resistant because no shared secrets are exchanged. Attackers cannot intercept or reuse the QR code, significantly increasing security. Furthermore, all passkeys remain centrally managed via the Bitwarden vault.
Who can use this functionality?
Passkey login for Windows 11 is available to users who store their passkeys in the Bitwarden vault. The system works on compatible Windows 11 devices in environments using Microsoft Entra ID. Companies and organizations can deploy this functionality to strengthen the security of their systems, especially in environments where traditional passwords pose a risk.
The integration of passkeys into the Windows login process closes a security gap. While passkeys are on the rise, they have primarily been used for websites and applications. For Windows itself, there was still room for improvement, even though the functionality already existed. 1Password, for example, previously introduced similar functionality. With Windows Hello and biometrics, passwordless login is also already possible.