PRF WebAuthn and its role in passkeys

Bitwarden recently launched passkey management for users to store and manage passkeys within their vaults and the ability to use passkeys to sign into the Bitwarden web vault. These exciting features mark the beginning of the end for usernames and passwords. 

Accessing and unlocking the Bitwarden vault with a passkey leverages an extension for WebAuthn called the pseudo-random function or PRF. This article explores a little more about this leading-edge standard and how it may impact the user experience of passkey login. 

If you’re an early adopter who has been testing the PRF extension, join the Bitwarden community and share your experience. 

The PRF extension for WebAuthn is an emerging standard that sources symmetric keys from an authenticator. When using an authenticator such as a security key along with a compatible browser, the WebAuthn PRF extension allows the authenticator to generate an encryption key associated with a particular site, often called the relying party. This key can then be provided to that site during authentication. For example, a Bitwarden user registers a passkey from the hardware security key. Afterwards, Bitwarden can then use that encryption key (associated with the passkey) to encrypt the user’s vault data. 

Unlike a hardware security module (HSM), which controls access to an organization's digital security key, the PRF extension does not store encryption keys on the hardware device. Instead, it uses input data (a salt) provided by the relying party to generate keys, a deterministic operation where the output will always be the same for a certain input. This differs from regular FIDO2 outputs (or signatures) which will always be different regardless of the input or challenge. For this reason, FIDO2 is not generally used for encryption and why the PRF extension is important – it allows passkeys to be used for encryption operations.  

When you use an authenticator such as a security key and a browser that supports the security key – as showcased in this demo entitled “Sign in and unlock Bitwarden with passkeys” –  the PRF extension prompts the authenticator to generate an encryption key associated with a particular website. This key can be provided to that application after authentication.

As an example, a Bitwarden user who registers a passkey from a device can use that same passkey to encrypt and decrypt their vault. This means that with the PRF extension, users can decrypt their Bitwarden vaults without a master password entirely (though you may still want one for backup).

PRF also extends additional convenience and security if you’re on a temporary device.

How? First, let's explore traditional authentication: If you use a YubiKey for 2FA, this YubiKey determines who Bitwarden servers will give your encrypted vault to -- it adds an additional layer of security on top of your master password. Your vault decrypts only after it has received authentication provided by YubiKey. In most cases, this is a secure set up.

However, if a bad actor gains access to your encrypted vault by somehow bypassing 2FA, then the protection provided by the YubiKey is void. This is because the YubiKey was used to help the Bitwarden server determine whether the encrypted vault should be shared with you; not as part of the encryption process. In this case, the Yubikey 2FA does not alone ensure the highest security standards, especially if a weak master password was used.

PRF addresses this gap by replacing your master password with a strong encryption key, which is much harder to crack compared to passwords. This feature has not yet been implemented, but will be soon part of the Bitwarden roadmap.

PRF is currently available in Chromium based browsers, such as Google Chrome and Microsoft Edge.

As the possibilities of PRF unfold, join the Bitwarden community and share your experiences. Together, let’s help make the online world more secure!

Build passkey authentication for your websites and applications with Bitwarden Passwordless.dev.

Learn how Bitwarden is helping customers adopt secure password-free experiences.

Editor's note January 11, 2024: Updated to note that passkey management and Login with Passkey is available.