Today, all users can start logging into their Bitwarden web vaults and browser extensions with a passkey, without typing in a username or password. This implementation uses the emerging
Update - 11/18/25: Passkey login comes to browsers
Users can now use passkeys to log into the Bitwarden browser extension in Chromium-based browsers (e.g. Edge, Chrome, Brave) in lieu of entering an email address and master password. This brings the ease of secure, passwordless login to the most-used Bitwarden app, bringing a positive impact to millions of users worldwide.
As the technology of the WebAuthn PRF extension for passkeys continues to be implemented across various platforms, Bitwarden quickly follows with additional passkey innovations, improving security and ease of use.
Note: Unlocking a Bitwarden vault (e.g. after vault timeout) with a passkey will be available in an upcoming release.
What it means for Bitwarden users
More security for everyone
Passkeys are stronger and more secure than passwords, cannot be guessed, and are resistant to phishing. Using a passkey to log into Bitwarden accounts combines the passkey security with the zero knowledge, end-to-end encryption protection that Bitwarden delivers for users’ sensitive information and credentials. Following the Bitwarden vision of bringing security to everyone, logging in with a passkey is included in every Bitwarden plan, including free.
Log in with a single step
This new innovative passkey technology allows Bitwarden users to authenticate and decrypt their accounts in a single step - all without using their Bitwarden password, 2FA, or even login email address. Simply present the PRF compatible passkey and activate its user verification challenge, and a user will be signed into their Bitwarden account. This significantly streamlines logging in while also adding security as the passkey is unguessable and will only work for the official Bitwarden web app, protecting against malicious phishing attempts.
Watch how it works with this short demo:
Passkeys and end-to-end encryption
Bitwarden utilizes a new passkey technology to implement the passkey login feature, putting Bitwarden at the forefront of innovation with passkey authentication and encryption. This provides a proof-of-concept and an example for other end-to-end encrypted applications to follow.
Encryption needs a static key
Applications that are end-to-end encrypted, such as Bitwarden, have to both authenticate the user and securely encrypt and decrypt data. To do so, an encryption key, consisting of a long string of random characters, is needed and must be constant and unchanging, such as what is
The PRF Extension for passkeys
Enter the
PRF WebAuthn extension allows the Bitwarden client to use a passkey for dual purposes: to authenticate the user, and to retrieve an encryption key and decrypt the data, granting access to the user’s Bitwarden account. The result is a fast, convenient, and secure login that maintains zero knowledge, end-to-end encryption and distinguishes Bitwarden as a passwordless security leader.
Feature availability
In this beta release, users on any Bitwarden plan with compatible passkeys and browsers will be able to set up to five passkeys for logging into the Bitwarden web app. Currently, browsers based on Chromium, such as Google Chrome and Microsoft Edge, support PRF WebAuthn. This functionality will come to other Bitwarden clients in future releases.
For passkeys that do not support the PRF WebAuthn extension, such as those created in other passkey providers, the passkey can still authenticate the user without the email address and 2FA, while the Bitwarden password would be used for decryption.
Learn more and start using passkeys with Bitwarden
If you are interested in learning more, visit the
Ready to begin your passwordless journey with Bitwarden? Get started with a