BitwardenFeb 5

πŸ” By community request, you can now unlock your vault with a passkey,

Available now in the web app and with Chromium-based browser extensions (rolling out this week).

https://community.bitwarden.com/t/unlock-with-fido2-passkeys/13224

Why passkeys?

βœ… Faster than typing your master password

βœ… Phishing-proof: only work on originating website

Requires a compatible PRF-capable setup

https://bitwarden.com/help/login-with-passkeys/#set-up-encryption-for-unlock

Show threadDan HugoFeb 5

@bitwarden

Why is this bit coming to mind?

(Brian Regan, safe for work and sensitive ears)

https://www.youtube.com/watch?v=1KbHL_sWnNY

"Peanut butter and jelly in the same jar..." 🎀: Brian Regan #shorts

YouTube
Show threadBitwarden
@danhugo Hi Dan! If you already have a Yubikey lying around, it's a great backup option for seamless vault access, and you can protect the Yubikey with a pin.
Feb 5 at 5:00pmWeb
Show threadDan HugoFeb 5

@bitwarden

I do. I'm totally fine with how things are working.

But I read the comments on the post πŸ˜‚

Show threadBitwardenFeb 5
@danhugo 🀣
Show threadJack-FrostodonFeb 5
@bitwarden @danhugo Any word on when we can see Webauthn-prf support enter Firefox proper, @firefoxwebdevs? From the looks of this issue - https://github.com/mozilla/standards-positions/issues/798 - it would appear to not be a near-term roadmap item.
WebAuthn PRF extension Β· Issue #798 Β· mozilla/standards-positions

Request for Mozilla Position on an Emerging Web Specification Specification Title: WebAuthn PRF extension Specification or proposal URL (if available): https://w3c.github.io/webauthn/#prf-extension...

GitHub
Show threadDan HugoFeb 5

@jackf723 @bitwarden @firefoxwebdevs

You want to take this one, bw?

Show threadFirefox for Web DevelopersFeb 6
@jackf723 @danhugo this isn't a feature that I'm very familiar with personally, but https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API/WebAuthn_extensions suggests this was shipped in 139
Web Authentication extensions - Web APIs | MDN

The Web Authentication API has a system of extensions β€” extra functionality that can be requested during credential creation (navigator.credentials.create()) or authentication (navigator.credentials.get()) operations. This article explains how to request WebAuthn extensions, retrieve information about the responses from those requests, and the available extensions β€” including browser support and expected inputs and outputs.

MDN Web Docs
Show threadDan HugoFeb 18

@bitwarden

Definitely looking forward to selecting a clip for this one…

"Password managers' promise that they can't see your vaults isn't always true - Ars Technica" https://arstechnica.com/security/2026/02/password-managers-promise-that-they-cant-see-your-vaults-isnt-always-true/

Password managers' promise that they can't see your vaults isn't always true

Contrary to what password managers say, a server compromise can mean game over.

Ars Technica