Bitwarden adds passkey support to log into web password vaults

The open-source Bitwarden password manager has announced that all users can now log into their web vaults using a passkey instead of the standard username and password pairs.
Passkeys are the more secure alternative to the passwords that most people set up and are phishing resistant.
In the case of Bitwarden they let users decrypt their vault without the need of the master password, an email address, or two-factor authentication.
Bitwarden's implementation of passkeys is currently in beta and relies on the PRF WebAuthn extension to both authenticate users and to get an encryption key and decrypt data in the vault.
Ryan Luibrand, senior product marketing manager at Bitwarden, explains that end-to-end encrypted applications, such as Bitwarden, need to authenticate users as well as to securely encrypt and decrypt data.
The encryption process requires a static key, which can be derived from a password.
A passkey, which is not shared with the application, would generate a different value for each authentication.
The extension is an emerging standard that enables the creation of symmetric encryption keys from an authenticator, like a security key, when used with a compatible browser.
When a user registers a passkey using a hardware security key, they enable Bitwarden to encrypt that user's vault data using the associated encryption key.
Contrary to how hardware security modules work, the PRF extension does not store keys on the hardware but instead generates keys using input data from the relying party.
Because the key generation is a deterministic process, the same input will always produce the same output, and hence, passkeys can be reliably used for the same online platform or service.
In a post published last summer, Bitwarden provides more details on its implementation of the PRF extension and how it works.
The Bitwarden team has created the following video to showcase how the new feature works on the platform and how users can create passkeys from the account settings menu.
During the beta phase, Bitwarden will allow users of all plans to set up a maximum of five passkeys for the web app.
The feature is currently available in Chromium-based browsers that support PRF WebAuthn, but there are plans to extend it to more clients in the future.
For passkeys not supporting the PRF WebAuthn extension, users can still authenticate without an email or 2FA, using the Bitwarden password for decryption.
Online museum collections down after cyberattack on service provider.
AutoSpill attack steals credentials from Android password managers.
Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops.
Researchers extract RSA keys from SSH server signing errors.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 11 Jan 2024 19:25:40 +0000


Cyber News related to Bitwarden adds passkey support to log into web password vaults

Bitwarden Free vs. Premium: Which Plan Is Best For You? - Bitwarden Free provides a secure vault for credentials, credit cards, identification documents and text files. The Bitwarden Premium plan costs $10 per year and offers additional capabilities such as encrypted file attachment sharing, advanced vault ...
8 months ago Techrepublic.com
Bitwarden adds passkey support to log into web password vaults - The open-source Bitwarden password manager has announced that all users can now log into their web vaults using a passkey instead of the standard username and password pairs. Passkeys are the more secure alternative to the passwords that most people ...
9 months ago Bleepingcomputer.com
Bitwarden's new auto-fill option adds phishing resistance - The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. The issue was highlighted nearly a year ago when Flashpoint ...
8 months ago Bleepingcomputer.com
Bitwarden Password Vaults Targeted in Google Ads Phishing Attack - A recent phishing attack targeting Bitwarden password vaults has been reported via Google Ads. Bitwarden, founded in 2016, is a password management tool that securely stores passwords and other personal information, and up until recently, their ...
1 year ago Bleepingcomputer.com
Getting Started With Passkeys, One Service at a Time - In addition to the major three technology firms supporting passkeys - Apple, Google and Microsoft - third-party password providers, such as 1Password and Bitwarden, implemented their own support for managing the credentials. Overall, more than 7 ...
10 months ago Darkreading.com
Bitwarden: how to create and use Passkeys to sign in - They can use a master password and improve security by adding a two-factor authentication option to the process. A private part of it never leaves the device, which means that all standard password attacks don't work against passkeys. I used the ...
9 months ago Ghacks.net
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
5 months ago Securityaffairs.com
Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication - While online accounts are increasingly protected by passkey technology, it turns out that many banking, e-commerce, social media, website domain name administration, software development platforms, cloud accounts, and more can still be compromised ...
4 months ago Darkreading.com
Top 6 LastPass Alternatives for 2024 - LastPass is a popular choice for managing passwords and sensitive information for individuals and businesses. While the tool still enjoys global patronage, it's not a bad idea to consider other password managers that can serve as worthy alternatives ...
9 months ago Techrepublic.com
New Developer Tools Are Necessary to Boost Passkey Adoption - The password-less technology known as passkeys are esoteric, far from widely adopted, and confusing for consumers. Based on the WebAuthn standard created by the World Wide Web Consortium and the FIDO Alliance - and jointly supported by Apple, Google, ...
9 months ago Darkreading.com
Best Password Generators of 2024 to Secure Your Accounts - Overview of best password generators to secure online accounts. We have various password generators to help us protect our accounts and practical barriers to protect our sensitive information. We have compiled this list of the best password ...
5 months ago Cyberdefensemagazine.com
CVE-2007-2850 - The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a ...
7 years ago
6 Best Enterprise Password Managers for 2024 Rated - Password managers are security tools that store, manage, and share authorization credentials safely for individual users and groups. In this article, I evaluate the top password managers and their ability to deliver and support solutions for ...
7 months ago Esecurityplanet.com
How to Use Titan Security Keys With Passkey Support - Google's updated Titan Security Keys can serve as a multifactor authenticator and store passkeys to replace passwords. Google announced the availability of Titan Security Keys with passkey support in mid-November 2023; the initial Titan Security Keys ...
10 months ago Techrepublic.com
LastPass breach linked to theft of $4.4 million in crypto - Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents. The news comes ...
11 months ago Bleepingcomputer.com
How To Start Using Passkeys? - To embark on this journey of enhanced protection, the initial step is to comprehend the essence of passkeys and their pivotal role in safeguarding your digital assets. The process kicks off with selecting a robust and unique passkey that serves as ...
9 months ago Hackersonlineclub.com
Stytch offers toolkit for developers to build, implement, and customize passkey-based authentication - Stytch announced its Passkeys offering, giving developers the easiest way to build, customize and maintain passkey-based authentication in their applications. Stytch's new solution offers a flexible, API-first approach to passkeys that abstracts the ...
11 months ago Helpnetsecurity.com
KeePass disputes report of flaw that could exfiltrate a database - Recent security incidents around password managers such as Bitwarden and 1Password, and a posting last week by independent security researcher Alex Hernandez that the open-source KeePass password manager had a flaw, have sparked discussion in the ...
1 year ago Packetstormsecurity.com
WebAuthn Conditional UI - Despite its recent introduction and ongoing adoption by browsers, there's a noticeable gap in technical documentation and implementation advice for Conditional UI. This article aims to bridge that gap by explaining what Conditional UI is, how it ...
11 months ago Feeds.dzone.com
Securden Password Vault Review 2024: Security, Pros & Cons - Securden Password Vault is a password management solution geared towards supervising multiple accounts and sensitive login credentials. Yes, Securden Password Vault can be accessed for free. If you're looking for an enterprise-level password solution ...
9 months ago Techrepublic.com
X adds passkeys support for iOS users in the United States - X, formerly Twitter, announced today that iOS users in the United States can now log into their accounts using passkeys. The passkeys will be linked to the iOS device they're generated on and will significantly reduce the risk of breaches by ...
9 months ago Bleepingcomputer.com
X Launches Secure Login with Passkey for iOS Users in US - X is set to allow users to login in with a passkey rather than a password, but only on iOS devices. X earlier announced its intention to roll out passwordless technology, and it has now made the option available to iPhone customers. It enables a ...
9 months ago Cysecurity.news
Understand the pros and cons of enterprise password managers - To counter these threats, corporate IT security teams are turning to business-grade password managers to help centralize and streamline password and credential management. A password manager is a credential vault that gives IT teams a unified digital ...
8 months ago Techtarget.com
Password Advice for the Rest of Us - Cisco Blogs - The key function you’re wanting out of a password manager is the ability to create passwords that are at least twenty (20) characters long, with all the typical mix of letters, numbers and symbols, as well as the ability to create a unique password ...
1 month ago Feedpress.me
Brave to end 'Strict' fingerprinting protection as it breaks websites - Brave Software has announced plans to deprecate the 'Strict' fingerprinting protection mode in its privacy-focused Brave Browser because it causes many sites to function incorrectly. Fingerprinting protection in Brave Browser is a feature designed to ...
9 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)