Windows users in a Microsoft Entra ID environment can now use a passkey stored in their Bitwarden vault to log into their Windows device. This brings a secure, phishing-resistant passwordless login to Windows using the Bitwarden mobile app.
Using Bitwarden to log into your Windows device
To begin, there are three prerequisites:
Your device is Microsoft Entra ID joined
Your organization has enabled FIDO2 security key sign-in
You have registered a passkey for your Entra ID profile, with the passkey stored in the Bitwarden vault and your mobile device is logged into Bitwarden
Now you can begin logging into your Windows device with the passkey stored in Bitwarden. At the Windows login screen, select Sign-in options. Select Face, fingerprint, PIN, or security key. A new window will appear. Select iPhone, iPad, or Android device, then scan the QR code with your mobile device. Follow the on-screen prompts and you’ll be logged in!
See it in action:
Bitwarden brings passkey security to your Windows login
Bitwarden serves as the passkey provider in this new Windows login flow. The passkey itself lives in your encrypted Bitwarden vault, which is synced across your devices just like any other vault item. If you lose your phone, your passkey is still accessible from your vault on another device. This is a meaningful distinction from device-bound passkey implementations, where a lost device can mean a locked-out user.
Passwords at the operating system level have long been a critical target for bad actors. A compromised Windows credential and device can provide immediate access to files, applications, and enterprise resources before other security controls can take effect. It is one of the highest-value entry points on any device, keeping it secure is paramount. A passkey is phishing-resistant, and secured behind additional layers of verification and security.
A continued commitment to passwordless innovation
This update is part of a broader arc of collaboration between Bitwarden and Microsoft. Recent work on native passkey integration in Windows 11 lets users create and use passkeys in the Bitwarden vault directly through Windows. These efforts have laid important groundwork in the passwordless movement and authentication industry, and this Windows login capability is the next step in that work.
Bitwarden supports passkey management in every Bitwarden plan. Use a passkey to log into and unlock your Bitwarden vault, set one up as a two-step login method, and store passkeys for signing into other sites and services, all from your synchronized, end-to-end encrypted vault.
Availability
Microsoft is rolling out Windows passkey login throughout March, and is dependent on your Microsoft Entra ID configuration. Passkey management is available today on any Bitwarden plan, including the basic free plan.
Ready to go passwordless? Start a free trial today or reach out to the Bitwarden sales team for more information.