Bitwarden Adds Passwordless Authentication to its Password Manager

Password managers improve security by making it easy for users to set strong and unique passwords for their accounts. They also make logging in convenient, as users never need to remember their passwords or type them in: the passwords are autofilled when the user lands on a site that requires a login. However, users still need to enter the master password for their password vault. This is a minor inconvenience, but Bitwarden has announced that its password manager now supports passwordless authentication, so its users no longer need to enter their master password. Passwordless authentication makes it easier and quicker for users to access their password vaults.

The new passwordless authentication feature is optional for users. They can continue to use their master password to access their web vault if they wish. Alternatively, they can go passwordless and log in via a notification that is sent to their authorized mobile device. If the notification is clicked, the user will be logged in without having to enter a password or provide a security key. Bitwarden says the new passwordless feature uses a public and private key exchange between the user’s web vault and a recognized, authorized device.

A ‘Log in with Device’ option has been added that allows users to use a second device to authenticate to their web vault. Users first need to download the Bitwarden mobile app and log in. They then need to go into Settings and turn on the ‘Approve login requests’ option in the Security section. This setting is turned off by default. Once that setting has been turned on, they need to open their Bitwarden web vault, enter their email address, and choose the ‘Log in with Device’ option. When that option is clicked, a push notification will be sent to the Bitwarden app on their authorized device.

The notification will provide a fingerprint phrase – e.g. endocrine-rewash-unbutton-whooping-trade. Users just need to make sure that phrase matches the phrase shown in their web vault. This check ensures that the user only authorizes a genuine request. If the phrase matches, they can click on the confirm login button to access their web vault. If 2-factor authentication is set up, it is necessary to complete that second step. If you haven’t set it up, you should.
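The phrase comparison described above, as an added example that is not Bitwarden's code: it shows why a login request started from a different browser produces a phrase that does not match. It assumes the phrase is derived from the login request's public key and the account email; the derivation, the 16-word list, the function names and the sample keys are all illustrative.

```python
import hashlib
import hmac

# Constructed 16-word list for illustration only; a real scheme would use a
# far larger list so that each word carries more entropy.
WORDS = ["amber", "bison", "cedar", "delta", "ember", "flint", "grove", "heron",
         "ivory", "jolly", "kelp", "lunar", "maple", "north", "olive", "pearl"]


def fingerprint_phrase(account_email: str, public_key: bytes, words: int = 5) -> str:
    """Derive a short phrase bound to both the account and the request's public key.

    Assumed derivation (HMAC-SHA256 keyed by the email), not Bitwarden's algorithm.
    """
    key = account_email.lower().encode()
    digest = hmac.new(key, public_key, hashlib.sha256).digest()
    # One digest byte per word; 16 divides 256, so the modulo adds no bias.
    return "-".join(WORDS[b % len(WORDS)] for b in digest[:words])


def device_should_approve(shown_in_browser: str, account_email: str,
                          request_public_key: bytes) -> bool:
    """The check the user performs by eye: does the device's phrase match
    the phrase displayed in the browser that started the login?"""
    on_device = fingerprint_phrase(account_email, request_public_key)
    return hmac.compare_digest(on_device, shown_in_browser)


# Constructed sample data: stand-in bytes for the public keys of two requests.
USER = "alice@example.com"
GENUINE_KEY = bytes.fromhex("04" + "11" * 32)   # request from the user's browser
OTHER_KEY = bytes.fromhex("04" + "22" * 32)     # request from some other browser

if __name__ == "__main__":
    browser_phrase = fingerprint_phrase(USER, GENUINE_KEY)
    print("browser shows:", browser_phrase)
    print("own request approved:",
          device_should_approve(browser_phrase, USER, GENUINE_KEY))
    # The push notification for someone else's request carries a different key,
    # so the phrase on the device will not match what the user's browser shows.
    print("other request approved:",
          device_should_approve(browser_phrase, USER, OTHER_KEY))
```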

Bitwarden says the option to log in with device will only work with a browser that has been used to log in to the user’s password vault in the past. Bitwarden recommends setting up the ‘Unlock with Biometrics’ option (fingerprint or face scan), or the ‘Unlock with PIN Code’ option in the app to make the login process faster.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news