Passwordless Authentication - Access Your Bitwarden Web Vault Without a Password
Bitwarden launches a new passwordless authentication feature making it easier and faster to log into your web vault. The Log in with device option lets you use a second device to authenticate your web vault login instead of using your Bitwarden password. Read on to learn how this works, maintains security, and what the future of passwordless looks like for you and Bitwarden.
Before we get started, if you do not have it, install the Bitwarden mobile app on your phone and login there. In the Settings, turn on the Approve login requests option in the Security section (off by default).
Now that you’re ready, head to the Bitwarden web vault, and enter your account’s email address. On the next screen you will see a new option to Log in with device. Selecting this will send a push notification to your Bitwarden mobile app for approval.
Open your Bitwarden mobile app, confirm the login request within the notification, and the web vault in your browser will automatically log in. Fast and easy!
To extend the passwordless experience to your mobile app you should set up Unlock with Biometrics or Unlock with PIN Code, and be sure that the Vault timeout action is set to Lock. Now you can quickly unlock your mobile app using your fingerprint, Face ID, or a short PIN number, and by extension, access the web vault without entering your password.
Several technology safeguards keep this process locked down:
End-to-end, zero knowledge encryption - the communication between the web vault client and the mobile app are completely encrypted with a public and private key pair, with data encrypted before it even leaves the device.
Client fingerprint phrase - the web vault login will show a Fingerprint Phrase that identifies the login attempt. It might look something like
juniper-sandbar-footnote-improve-evolution. This phrase will also appear in the login request on the mobile app. You should make sure that they match before approving the request.
Two-step Login - if you have two-step login turned on (and you should!) you will still need to complete the second step after approving the login.
Note: If you’re a member of an organization that has enabled Single Sign-On policies, you will be required to go through the Enterprise single sign-on process instead of Log in with device.
Recognized devices only - the option to log in with a device will only be available to a browser that has logged into your Bitwarden account before.
If you’re interested in the more technical aspects of how it works and the flow of encrypted data, more information is available here: Help Center: Passwordless Login - How it works.
Bitwarden offers multiple ways to access your vault without a password: biometrics (facial recognition or fingerprint) and PIN, on the mobile app, desktop app, and browser extension. Now logging in with a device adds a passwordless method to access your web vault as well.
By virtue of using Bitwarden as your password manager, you can live the passwordless life with all your accounts and websites by skipping typing in passwords. Bitwarden generates, stores, and autofills passwords so they can be the furthest from your mind during your day-to-day internet activities.
Passwordless authentication will be adopted by individuals and businesses as the preferred method of logging into accounts. A member of the FIDO Alliance, which is developing passwordless technologies and standards like passkeys, Bitwarden is committed to the future of passwordless and a safer internet for everyone.
The ability to log in with a device was a part of the November update, which includes additional new features and improvements!
Visit bitwarden.com today to learn more about other features, plans, pricing, and how Bitwarden can help you keep your passwords, logins, and other data secure!
Note: Logging in with a device is currently only available on the Bitwarden cloud server (https://vault.bitwarden.com).