Bitwarden is easily the most popular open-source password manager right now.
It is simple to use, cost-effective, conveniently available on mobile/desktop, and secure enough for most common use cases.
While it already supported passwordless authentication techniques such as fingerprint sign-in, Face ID, and PIN on mobile/desktop, it now has a new addition.
Authenticate Login Using Prompts
Probably the most prominent example of this type of login authentication is Google. You get a prompt on your signed-in devices to authenticate the login activity.
That's precisely what Bitwarden is adding to its arsenal of features.
When you log in to your web vault from your web browser, you can opt to send a push notification to your mobile device, where you need to approve the request.
You need to have the Bitwarden mobile app installed. So, you can expect the notification to look like this:
Is this a secure method?
Bitwarden shares a flow chart that describes the process of this authentication method:
So, the authentication request is encrypted, which makes it a safe and convenient way to log in.
They also mention:
The web vault login will show a Fingerprint Phrase that identifies the login attempt. It might look something like juniper-sandbar-footnote-improve-evolution. This phrase will also appear in the login request on the mobile app. You should make sure that they match before approving the request.
So, on top of end-to-end encryption, you have additional means to verify that the request you received is genuine.
To explore technical details, refer to Bitwarden's documentation on passwordless logins.