Storing Passkeys
Passkeys can be stored and used with the Bitwarden password manager vault. Using the Bitwarden browser extension, users can log in to their favorite apps and websites that have passkey login capability. Passkeys are a safe, passwordless alternative for users to log into services across their devices.
Developed with the standards set by the FIDO Alliance, passkeys allow a user to secure their accounts and bypass the vulnerabilities that come with standard password authentication, such as phishing. The stored passkeys are protected with Bitwarden's trusted end to end encryption.
Passkeys are a replacement for passwords that provide fast, easy, and secure sign-ins to websites and apps across a user's devices. More precisely, "passkey" is a consumer-friendly term for a discoverable FIDO credential that can be synced to allow secure passwordless sign-ins across devices, or dedicated to a single piece of hardware as a device-bound passkey.
Apps and services can request that passkeys created with them are verified with a PIN, password, pattern, or biometric factor when you save or access them. The Bitwarden Password Manager will add support for PIN, password, and biometric verification in a future release. For more general information about passkeys, see Passkey FAQs.
Passkeys are stored and invoked via the Bitwarden browser extension. This means that both discoverable and non-discoverable passkeys can be stored in Bitwarden and used to log in to websites with passkey capabilities.
note
Saving and using passkeys are a feature of the Bitwarden browser extension. Other Bitwarden clients can be used to view the saved passkey.
In the Bitwarden vault, a new field will now display a stored passkey. Once a new passkey has been saved, the item can be viewed from any Bitwarden vault and is located in the Passkey field.
When creating a new passkey on a website or app, Bitwarden will prompt you to store the passkey in the Bitwarden browser extension.
note
Select Use browser if you do not wish to store the passkey in the Bitwarden vault.
If a passkey already exists for this service, the browser extension will notify you and allow you to save a new passkey by selecting the icon, or overwrite an existing passkey.
note
Only one passkey can be saved per login item. If a credential is saved in multiple places, for instance as two separate login items in the individual vault and organization vault respectively, a different passkey can be be stored with each login item.
Test it out here https://demo.yubico.com/playground.
To use a passkey stored in Bitwarden, initiate the passkey login on the website. Your system will prompt for passkey login. While Bitwarden is enabled, the Bitwarden browser extension will provide an option to login using the passkey stored in your Bitwarden vault.
Related passkeys will be displayed in the Bitwarden dialogue box. Select the passkey you would like to use and press confirm.
note
If master password re-prompt has been enabled on the login item, you will be required to re-enter your master password in order to access the passkey.
To delete the passkey field from a vault item:
Access the vault item Edit screen from the Password Manager web app.
Select the delete icon for the Passkey field.
Passkey delete
If you don't want to use the Bitwarden browser extension to prompt you to save and use passkeys for specific sites, you can set excluded domains. You can also turn off the prompt entirely by:
Navigating to the Settings tab.
Selecting Options.
Un-checking the Ask to save and use passkeys option.
The following FAQ items are in reference to Bitwarden passkey storage. For general passkey information, see Passkey FAQs.
Q: Will passkeys be included if you clone a vault item?
A: Bitwarden will not copy a passkey when completing a clone action.
Q: Are stored passkeys included in Bitwarden imports and exports?
A: Passkeys imports and exports will be included in a future release.
Q: Can I store passkeys in the mobile app?
A: Passkeys support for mobile applications is planned for a future release.