Bitwarden's passwordless authentication method lets you log into your web vault using

[harlan4096]

Bitwarden has introduced a passwordless authentication method. It lets you approve the login request from the mobile app, let's find out more about it.



Bitwarden's passwordless authentication systemI should mention this right away, the passwordless authentication does not replace your master password. It's just a shortcut to allow you to sign in to your account in desktop browsers.

If you already use Bitwarden's desktop app, you may be aware that it lets you unlock the vault using Windows Hello and macOS Touch ID. The browser extension also supports these passwordless sign in options, but you need to have the vault unlocked in the desktop app for it to work. Similarly, the mobile apps support fingerprint unlock, and unlock with PIN code. The new authentication method extends the passwordless login experience by bringing in a secondary device into play.

The big question is, is this method safe to use? Bitwarden says that its passwordless authentication requests are encrypted before they leave your device (end-to-end encryption). The vault has to be unlocked in the mobile app, before you can approve the login request. According to a support page on the company's website, login requests expire after 15 minutes if they aren't approved or denied.

When you try using the new authentication method, the mobile app and the web vault will display a sentence with random words, this is your account's fingerprint phrase. It should match the one on your other device, i.e. you should see the same phrase on the web vault and the mobile app's login request page.

This helps you ensure that the sign in attempt is secure. The mobile app also gives you some additional information such as the type of device used (though it just mentions the browser), the IP address where you tried logging in from, and the time when the request was made. It's worth noting that this passwordless login method does not support the official browser extensions currently, it only works with Bitwarden's cloud server.
 
The setting to approve login requests is not enabled by default in Bitwarden password manager's mobile app. (refer to step 2 and 3 below). If you don't want to use it, you can just ignore it. The company is recommending its mobile app's users to enable the Unlock with Biometrics option (for fingerprint scanners and Face ID), or unlock with PIN code for a faster experience (than entering the master password to unlock the vault.
...

Continue Reading