Storing Passkeys

Passkeys can be stored and used with the Bitwarden password manager vault. Using the Bitwarden browser extension, users can log in to their favorite apps and websites that have passkey login capability. Passkeys are a safe, passwordless alternative for users to log into services across their devices. 

Developed with the standards set by the FIDO Alliance, passkeys allow a user to secure their accounts and bypass the vulnerabilities that come with standard password authentication, such as phishing. The stored passkeys are protected with Bitwarden's trusted end to end encryption.

Passkeys are a replacement for passwords that provide fast, easy, and secure sign-ins to websites and apps across a user's devices. More precisely, "passkey" is a consumer-friendly term for a discoverable FIDO credential that can be synced to allow secure passwordless sign-ins across devices, or dedicated to a single piece of hardware as a device-bound passkey.

Apps and services can request that passkeys created with them are verified with a PIN, password, pattern, or biometric factor when you save or access them. The Bitwarden Password Manager will add support for PIN, password, and biometric verification in a future release. For more general information about passkeys, see Passkey FAQs.

Passkeys are stored and invoked via the Bitwarden browser extension. This means that both discoverable and non-discoverable passkeys can be stored in Bitwarden and used to log in to websites with passkey capabilities.

In the Bitwarden vault, a new field will now display a stored passkey. Once a new passkey has been saved, the item can be viewed from any Bitwarden vault and is located in the Passkey field.

The passkey field is not editable and will contain the creation date of the passkey. 

When creating a new passkey on a website or app, Bitwarden will prompt you to store the passkey in the Bitwarden browser extension.

If a passkey already exists for this service, the browser extension will notify you and allow you to save a new passkey by selecting the  icon, or overwrite an existing passkey.

To overwrite an existing passkey:

1. Initiate the creation of a new passkey from your chosen website or service.

2. Choose the existing login item where you wish to store the new passkey and select Save passkey.

Test it out here https://demo.yubico.com/playground.

To use a passkey stored in Bitwarden, initiate the passkey login on the website.

After selecting the passkey login option on a website, your system will prompt for passkey login. While Bitwarden is enabled, the Bitwarden browser extension will provide an option to login using the passkey stored in your Bitwarden vault.

Related passkeys will be displayed in the Bitwarden dialogue box. Select the passkey you would like to use and press confirm.

The following FAQ items are in reference to Bitwarden passkey storage. For general passkey information, see Passkey FAQs.

Q: Will passkeys be included if you clone a vault item?

A: Bitwarden will not copy a passkey when completing a clone action.

Q: Are stored passkeys included in Bitwarden imports and exports?

A: Passkeys imports and exports will be included in a future release.

Q: Can I store passkeys in the mobile app?

A: Passkeys support for mobile applications is planned for a future release.