BitWarden and PassKeys

, BitWarden and PassKeys

24 Aug 2025

2FAS does not yet offer PassKey authentication.

Using mostly Google browser for website logins,
which has well integrated PassKey support,
but I trust them less than when signing up for Gmail (2001).
Google seemingly assumes that users will
keep conventional passwords for sites as backup,
so arguably less secure, with larger security perimeter to exploit.
Google supports iPhone as PassKey authentication device.
YouTube demonstration
Use iPhone to authenticate Gmail account PassKey
with complex password for backup.
PassKeys are Public-key cryptography
- public-private key pairs
- PassKey private keys must be secured and unlocked
  by password and/or biometrics e.g. on two-factor device.
- PassKey private keys should be backed up.
  If they are automatically synced by Internet,
  then those PassKey bundles are vulnerable
  to whatever password mechanism decrypts them.
- FIDO the PassKey management standard.
Amazon login by PassKey kinda sucks.
Like many sites, Amazon implemented PassKeys only as an alternative 2-factor authentication method, not login replacement.
Here is a list of websites supporting PassKey login;
these websites support PassKeys one way or another (e.g. 2FA)
PassKeys.directory

Whether Bitwarden Password Manager could be deployed
only for PassKeys is unclear.

BitWarden seemingly does NOT (yet) support iPhone
as authenticator device for e.g. Windows Chrome browser.
BitWarden Vaults sync to their webserver.
BitWarden apps do not encrypt their data.
Perhaps 7z vault with password, save to USB thumb drive...?

maintained by blekenbleu