Everyone deserves to stay secure online. Bitwarden envisions a world where no one gets hacked and offers a fully-featured free password manager for individual use. With the September 2023 release, Bitwarden brings FIDO2 WebAuthn two-factor authentication to all users logging in to Bitwarden. Anyone with a Bitwarden account can use passkey technology to secure their accounts from unauthorized access.
Bitwarden leads in providing a fully featured, individual free plan to keep your passwords and other sensitive information secure. While other password manager companies do not offer, or place arbitrary password or device limits on their free plans, Bitwarden believes in giving users access to unlimited login items across unlimited devices. This commitment to security for all is reflected in continuous enhancements to the individual Bitwarden plan, with FIDO2 WebAuthn 2FA now available for free to everyone today for two-step login, and additional passkey support coming soon. This ensures that everyone can benefit from robust password protection and peace of mind.
Bitwarden stands out in its commitment to providing security for all.
FIDO2 WebAuthn 2FA utilizes passkey protocols and a public/private key pair to verify your identity, specifically as a function of two factor authentication. In securing your Bitwarden account, after you login to Bitwarden you will be asked for your FIDO2 WebAuthn credential to authenticate and access your account. This second step for logging in protects your account from unauthorized access. Read more about how this works in this blog post: FIDO2 Security Key Support.
There are multiple ways to create the FIDO2 WebAuthn passkeys for two-step login. Bitwarden supports using both device-bound passkeys, like those from a hardware security key, and synced passkeys that are generated from a third-party passkey provider. Examples of device-bound passkeys include YubiKeys, SoloKeys, and other hardware keys. Modern operating systems can also create device-bound passkeys stored securely on your device through Windows Hello, for example. Third party passkey providers create synced passkeys for use across multiple devices for added convenience. Any method for generating FIDO2 WebAuthn keys for two-step login enhances the security of your Bitwarden account.
Turning on two-step login is easy, and everyone should do it! Using any type of 2FA is the best way to ensure your data is safe, second only to having a strong Bitwarden password. Bitwarden allows users to store up to five WebAuthn keys for two-factor authentication. It’s a good idea to have at least register two separate keys/devices in case you lose one so that you can always have access to your account. To get started, follow the steps in this guide: Help: Two-step Login via FIDO2 WebAuthn
Practicing good security requires just that, practice. It is a learned habit to think about security and critically review emails and websites for suspicious phrases or tells. Employees who have good habits at home bring them into the workplace and help create a culture of security. A report from 451 Research shows that businesses can drive password management adoption at work by deploying a password manager that can be used for both work and business, driving protection and preventing data breaches. This research also guided Bitwarden for offering free Families plans to enterprise users.
Giving the world, including current and future employees, the right tools they need to learn how to keep their personal digital lives secure benefits businesses everywhere. Security as a life skill that is exercised at home and school will also lead to security in the office.
Passkeys and the work of the FIDO Alliance, of which Bitwarden is a sponsoring member, make credential security passwordless. Using FIDO2 WebAuthn passkeys for two-step login is just one application for this technology. Bitwarden will bring passkeys into the Bitwarden Password Manager alongside other vault items, allowing users to quickly and securely log into websites and applications. Shortly following, users will be able to log into Bitwarden itself using passkeys for secure passwordless authentication. Bitwarden also provides developers the tools they need to create passkey logins for their websites and applications through Passwordless.dev.