Bitwarden and the Passwordless Revolution
Bitwarden started with a vision to help create a world where no one gets hacked. That vision includes passwords and also extends to make everyone’s online experiences more secure. Unlike other password managers, the Bitwarden name does not include the word password. This was purposeful and meant to reflect a broader approach beyond passwords to all types of sensitive information.
Broadly, this means providing the best online security solutions to everyone, wherever they are. Specifically, it means embracing passwordless authentication as a method to eliminate passwords and therefore removing them as a potential vulnerability for cybercriminals. To support this, Bitwarden is creating new technologies for our customers to adopt passwordless workflows and, ultimately, an end-to-end passwordless experience.
Passwordless authentication is the future. It’s true, currently passwords are integral to security procedures. But poorly managed passwords can result in major security breaches. The largest ransomware attacks of 2021 were related to stolen or compromised passwords: Solar Winds encountered a devastating nation state attack that compromised up to 18,000 businesses; and a cyberattack on the Colonial Pipeline forced the company to shut off gasoline supplies. Weak or re-used passwords are vulnerable until everyone - companies and individuals alike - implement long and unique passwords, and then securely store them in an end-to-end encrypted password manager.
Bitwarden now includes biometric login, Bitwarden passwordless SSO integration, and Bitwarden security key support with more capabilities planned to help companies accelerate their adoption of passwordless authentication. A member of the FIDO Alliance, Bitwarden offers cross-platform solutions compliant with FIDO2, furthering a commitment to developing safe and secure forms of authentication. The Bitwarden approach to passwordless innovation is grounded by the following goals.
Biometrics change the way we interact with our devices. We use facial recognition to sign into our mobile devices, fingerprint scanners to access our computers, and voice recognition to launch digital assistants. Bitwarden currently offers fast and secure biometric unlocking across multiple clients. Customers enhance both true passwordless security and ease of use to their Bitwarden authentication through TouchID, FaceID, Windows Hello, or Android Login with Biometrics.
Enterprise customers deploy passwordless technologies in phases based on company size, number of departments, types of internal applications and services deployed, number of work personas, and overall IT structure. These criteria shape how quickly companies transition into other forms of authentication.
Today, Enterprise customers can integrate Bitwarden with their single sign-on (SSO) systems and identity provider based on passwords, tokens, or other passwordless entry points. These provide important building blocks for enterprises to evaluate the security and usability benefits of passwordless solutions.
Physical security keys for two-factor authentication play a critical role in the passwordless era, especially as hybrid work becomes the norm and the digital threat surface increases. By using a hardware-based key, not replicable without the key itself, users can ensure no one else logs into their account without access to the same physical key. Today all Bitwarden customers can set up two-step login for their Bitwarden Vault with authenticator applications and email. Paid customers can add security keys, Duo Security, Yubico, and FIDO2 solutions.
Bitwarden is shaping the passwordless future and helping everyone - from individuals to the largest enterprises - stay safe. The approach to security is evolving, especially as companies adopt a cloud-first approach for new projects, services, and data. As it evolves, Bitwarden remains steadfast in its mission to empower individuals, teams and organizations to access and share sensitive data easily and securely online.
Whether you’re embracing the latest in biometrics, FIDO2 authentication, and modern passwordless integrations, Bitwarden stands ready to help customers begin their passwordless journey. Bitwarden is the only open source enterprise password manager that offers zero knowledge, end-to-end encryption, and cross-platform support so your company data is completely secure. Register for a free individual account or start a free Enterprise trial today.
Editor's Note: This blog was originally published on November 1st, 2021 and was updated on July 17th, 2022.