Bitwarden adds support for passkeys

247 点作者 edsimpson超过 1 年前

17 条评论

yonixw超过 1 年前

From the FAQ [1]:> Q: Are stored passkeys included in Bitwarden imports and exports?> A: Passkeys are not included in imports and exports.I think it's the same for iCloud [2]. That is why I don't love it. I prefer a very long password, and Bitwarden "Device login" that will prompt in my iPhone that will require FaceID (So essentially I have bio login). And 2FA to lower hacking chances. I'm aware I'm still vulnerable to phishing but because there is no export, this is a marriage to Bitwarden. And as much as I love them... I'm not ready yet.But essentially it's a certificate... so I wonder why no private key export? Maybe because current implementation uses some CA that binds you to the issuer?[1] <a href="https://bitwarden.com/help/storing-passkeys/" rel="nofollow noreferrer">https://bitwarden.com/help/storing-passkeys/</a>[2] <a href="https://redd.it/143acl5" rel="nofollow noreferrer">https://redd.it/143acl5</a>

评论 #38105245 未加载

评论 #38105270 未加载

评论 #38107375 未加载

评论 #38105046 未加载

评论 #38106016 未加载

评论 #38109256 未加载

评论 #38104653 未加载

评论 #38106180 未加载

评论 #38117373 未加载

评论 #38105450 未加载

评论 #38104621 未加载

评论 #38104782 未加载

评论 #38106961 未加载

traviswt超过 1 年前

Bitwarden is underrated. Passwords run everything in our digital life. I will gladly take a UI compromise here and there for more trustworthiness.

评论 #38103597 未加载

评论 #38103739 未加载

评论 #38104630 未加载

评论 #38103788 未加载

评论 #38104153 未加载

评论 #38110919 未加载

评论 #38103669 未加载

评论 #38107089 未加载

deutschepost超过 1 年前

One of the nicest thing about bitwarden is the ability to selfhost it. I don't think there is anything like it.1password seems to have the best UX in the field. But you always have to trust some company with the keys to your digital life.Self hosting password managers is not as big of a deal as it should be.

评论 #38107473 未加载

评论 #38104163 未加载

评论 #38105760 未加载

Spunkie超过 1 年前

One of the benefits we saw moving from lastpass to bitwarden is it allow us to much more easily reduce duplicate entries for the same site/account.So it's pretty annoying to see in the docs for this passkey feature that they just expect you to make a duplicate bitwarden entry for every additional passkey you need to add to an account. Especially when it's standard to register a backup key for any service that uses passkeys.

评论 #38103935 未加载

评论 #38108942 未加载

评论 #38105714 未加载

评论 #38103796 未加载

sigio超过 1 年前

Looks like the new version isn't approved for the firefox addons repository just yet... So haven't been able to try it out, but very happy with bitwarden (self-hosting a server using vaultwarden)

评论 #38103975 未加载

评论 #38104799 未加载

quaffapint超过 1 年前

So it's browser extension only? I can't use the android app to login with a passkey I stored from my desktop browser? Hopefully they'll add that support soon enough, because password access on my mobile is a big pain point.

评论 #38108906 未加载

FloatArtifact超过 1 年前

Looks like they're planning for export of passkeys.Q: Are stored passkeys included in Bitwarden imports and exports?A: Passkeys imports and exports will be included in a future release.

gingerlime超过 1 年前

perhaps a better link? <a href="https://bitwarden.com/help/storing-passkeys/" rel="nofollow noreferrer">https://bitwarden.com/help/storing-passkeys/</a>Not sure if passkeys are supported on iOS or Android (only the browser extension is explicitly mentioned) and also they cannot be imported or exported according to the page.

评论 #38113259 未加载

评论 #38104495 未加载

jwally超过 1 年前

I'm missing something.Webauthn puts a private key into a firewalled section of hardware onto your device - which is extremely prickly to work with in my experience - for your security.For passkeys to be transferable the private key cannot be locked to your device.Is bitwarden somehow able to "spoof" this hardware and have your browser generate private keys in it instead?

评论 #38107757 未加载

aborsy超过 1 年前

Does the code in Vaultwarden mimic the code in the self hosted version of Bitwarden?Or a code audit in Bitwarden has no bearing on vaultwarden?

评论 #38104979 未加载

评论 #38104145 未加载

mnahkies超过 1 年前

What's the story with passkeys and broken/lost devices?I'm a bit out of touch here, and I assume adding support to password managers like bitwardon mitigates this risk similar to using them to store MFA seeds, or apps like authy over Google authenticator

评论 #38104277 未加载

scottydelta超过 1 年前

I have been self hosting bitwarden/vaultwarden for 4 years now and my setup is hosted behind two self hosted vpns(openvpn and wireguard where one acts as backup vpn).This ability to self host in itself is worth so much.

treve超过 1 年前

I feel I may have made a mistake going all in on keepasscx. Been looking for something without a subscription and ideally open source. Keepassxc looks like it has a much nicer UI.

评论 #38103776 未加载

gregorvand超过 1 年前

Pair it with mailpass.io and you have PassKeys all round, and real phishing protection than using gmail/ms/icloud emails as the communication method. Using a pw manager works well with it since the manager quickly stores the unique alias assigned to the service (ie instead of the same persistent email each time)

评论 #38109959 未加载

cmurf超过 1 年前

iOS inhibits solving the cross platform problem, due to lack of browser extensions for all browsers.I get to use iOS built-in password manager, sync only on Apple devices and then no where else; or I get to use Bitwarden everywhere but on iOS no browser integration, I have to copy and paste (separately) user and password. Or even more lovely, maintain separate managers.

评论 #38108989 未加载

renewiltord超过 1 年前

Great news. This is my favourite (and now only) password manager.

seemaze超过 1 年前

I've been waiting for this ever since Apple locked passkey support behind their existing (and infuriating) password autofill implementation. It irritates me so much that I refuse to use passkeys on iClould anymore, which is a shame becuase I really enjoyed the UI (for passkeys) and biometric auth built in to their products.