
Bitwarden adds FIDO2 WebAuthn 2FA feature for enhanced user account security
Bitwarden, a widely used password manager, has recently announced the incorporation of FIDO2 WebAuthn two-factor authentication (2FA) for all its users. This feature provides an additional layer of security, leveraging passkey technology to prevent unauthorized access to user accounts.
In their blog post, Bitwarden states: “While other password manager companies do not offer, or place arbitrary password or device limits on their free plans, Bitwarden believes in giving users access to unlimited login items across unlimited devices.”
The FIDO2 WebAuthn 2FA feature, now available to all users at no cost, employs passkey protocols and a public/private key pair to validate identity during two-step login. After the initial login to Bitwarden, users will be prompted to provide their FIDO2 WebAuthn credential for authentication. This second step in the login process bolsters account security, offering protection against unauthorized access.
Bitwarden supports both device-bound passkeys, such as those from hardware security keys (e.g., YubiKeys, SoloKeys), and synced passkeys generated from third-party passkey providers. It also allows users to store up to five WebAuthn keys for two-factor authentication. This enhancement to Bitwarden's individual plan signifies an ongoing commitment to robust password protection, ensuring security and peace of mind for all users.