Bitwarden is easily the most popular open-source password manager right now.
It is simple to use, cost-effective, conveniently available on mobile/desktop, and secure enough for most common use cases.
While it already supported passwordless authentication techniques like fingerprint sign-in, Face ID, PIN, on mobile/desktop, it now has a new addition.
Probably the most prominent example of this type of login authentication is Google. You get a prompt on your signed-in devices to authenticate the login activity.
That's precisely what Bitwarden is adding to its arsenal of features.
When you log in to your web vault from your web browser, you can opt to send a push notification to your mobile where you need to approve the request.
You need to have the Bitwarden mobile app installed. So, you can expect the notification to look like this:
💡
This feature is only available on Bitwarden's cloud server. If you self-host it, you cannot access this feature for now.
Is this a secure method?
Bitwarden shares a flow chart that describes the process of this authentication method:
So, the authentication request is encrypted, which makes it a safe, and convenient way.
They also mention:
The web vault login will show a Fingerprint Phrase that identifies the login attempt. It might look something like juniper-sandbar-footnote-improve-evolution. This phrase will also appear in the login request on the mobile app. You should make sure that they match before approving the request.
So, on top of end-to-end encryption, you have additional means to verify that the request you received is genuine.
Ankush Das
