• coyotino [he/him]@beehaw.org
    11 months ago

    Am I missing something? Bitwarden already has support for authentication via biometrics or Windows Hello. How is this different from that?

    • janguv@lemmy.dbzer0.com
      11 months ago

      My naive understanding would be: a passkey replaces a password for an individual login; a biometric authentication replaces a password for the vault that stores individual login passwords.

      • coyotino [he/him]@beehaw.org
        11 months ago

        so basically: right now, I have a master password, and I can set up Bitwarden to bypass the master password with biometrics. With passkey set up, I will no longer have a master password, and biometric will be the only login method?

        • smileyhead@discuss.tchncs.de
          11 months ago

          It is not about logging in to Bitwarden via passkey, but logging in via Bitwarden to other services.

          Confusing, but what it means is you are not storing a password in a manager, but a cryptographic private key.

    • TGames@beehaw.org
      11 months ago

      With Passkeys you are creating an encryption key pair for use for each service you want to log into as a kind of unique virtual hardware key that gets stored in a cloud. Access to that cloud is then controlled by an actual hardware key like the one built into your phone. That means rather than using a hardware key to unlock a vault of passwords which is what you’re doing now, you’re using it to unlock a vault of key pairs.

      The main advantage of this is that the services you log into only hold a public key, not a password, but don’t have to interact with your hardware key, just your passkey provider. Meaning if you need to change your hardware key you only have to change it in one place instead of across everything you log in to. That being one of the biggest pain points for getting people using hardware keys even now they’re built into a lot of platforms.

      The major issue with Passkeys so far has been that it’s been pushed by 3 big single sign on providers, Apple, Google, and Microsoft. And there’s been some worry about being forced to use big corporate closed source providers. But now with Bitwarden introducing them it’s a big step towards this becoming the future.
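
The flow described in this thread (a vault of per-service key pairs, with each service holding only a public key) can be modelled in a few lines of Node.js. This is an added example, not part of the original comments and not Bitwarden's code; it is a simplified model rather than the WebAuthn wire format, and `PasskeyVault`, `Service`, `demo` and the `*.example` service names are hypothetical.

```javascript
// Simplified model of the passkey flow (constructed; not the WebAuthn wire format).
const nodeCrypto = require('node:crypto');

// Hypothetical passkey provider: a vault of private keys, one per service.
class PasskeyVault {
  constructor() { this.keys = new Map(); }
  // Registration: new key pair for this service; only the public half leaves the vault.
  register(serviceId) {
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(serviceId, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  // Login: sign the service's random challenge, bound to the service name.
  sign(serviceId, challenge) {
    const key = this.keys.get(serviceId);
    if (!key) throw new Error(`no passkey stored for ${serviceId}`);
    return nodeCrypto.sign('sha256', Buffer.concat([Buffer.from(serviceId), challenge]), key);
  }
}

// Hypothetical service: stores a public key per user, never a password.
class Service {
  constructor(serviceId) { this.serviceId = serviceId; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.publicKeys.get(user);
    this.pending.delete(user); // single-use challenge: a captured signature cannot be replayed
    if (!challenge || !pem) return false;
    const signed = Buffer.concat([Buffer.from(this.serviceId), challenge]);
    return nodeCrypto.verify('sha256', signed, pem, signature);
  }
}

function demo() {
  const vault = new PasskeyVault();
  const site = new Service('shop.example');
  site.enroll('alice', vault.register('shop.example'));
  vault.register('forum.example'); // separate key pair for a second service
  const good = vault.sign('shop.example', site.newChallenge('alice'));
  const login = site.verify('alice', good);
  const replay = site.verify('alice', good); // challenge already consumed
  const otherKey = site.verify('alice', vault.sign('forum.example', site.newChallenge('alice')));
  return { login, replay, otherKey };
}
```

The service's stored data is enough to verify a login but not to produce one, and a key registered for one service does not authenticate to another.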