Storing Passkeys
Passkeys can be stored and used by Bitwarden Password Manager. Using browser extensions and mobile apps, users can log in to their favorite apps and websites that have passkey login capability. Passkeys are a safe, passwordless alternative for users to log into services across their devices.
note
On iOS, version 17.0 or higher is required for storing and using passkeys. Learn more.
On Android, version 14.0 or higher is required for storing and using passkeys. There may be additional setup steps required. Learn more.
Developed with the standards set by the FIDO Alliance, passkeys allow a user to secure their accounts and bypass the vulnerabilities that come with standard password authentication, such as phishing. Stored passkeys are protected with Bitwarden's trusted end-to-end encryption.
Passkeys are a replacement for passwords that provide fast, easy, and secure sign-ins to websites and apps across a user's devices. More precisely, "passkey" is a consumer-friendly term for a discoverable FIDO credential that can be synced to allow secure passwordless sign-ins across devices, or dedicated to a single piece of hardware as a device-bound passkey.
Apps and services can request that passkeys created with them are verified with a PIN, password, pattern, or biometric factor when you save or access them. For more general information about passkeys, see Passkey FAQs.
Passkeys are stored and invoked via Bitwarden browser extensions and mobile apps. This means that both discoverable and non-discoverable passkeys can be stored in Bitwarden and used to log in to websites with passkey capabilities.
note
Saving and using passkeys are a feature of Bitwarden browser extensions and mobile apps. Please note:
On iOS, version 17.0 or higher is required for storing and using passkeys. Learn more.
On Android, version 14.0 or higher is required for storing and using passkeys. There may be additional setup steps required. Learn more.
Ask to save and use passkeys
To use the functionality described below, make sure that the Ask to save and use passkeys option, located in the browser extensions Settings → Options menu, is toggled on.
You can set excluded domains if there are specific sites you do not wish to use Bitwarden for passkeys with.
Create a passkey
When creating a new passkey on a website or app, the browser extension will prompt you to store the passkey:
note
Select Use your device or hardware key if you do not wish to store the passkey in Bitwarden or an already created passkeys is not stored in Bitwarden.
If a passkey already exists for this service, Bitwarden will allow you to save a new passkey by selecting the icon to create a new item, or by overwriting an existing passkey:
note
Only one passkey can be saved per login item. If a credential is saved in multiple places, for instance as two separate login items in the individual vault and organization vault respectively, a different passkey can be be stored with each login item.
Sign in using a passkey stored in Bitwarden
To use a passkey stored in Bitwarden, initiate the passkey login on the website. When the Ask to save and use passkeys option is on, the browser extension will provide an option to login using the passkey stored in your Bitwarden vault:
Select the passkey you would like to use and press Confirm.
note
Select Use your device or hardware key if you do not wish to store the passkey in Bitwarden or an already created passkeys is not stored in Bitwarden.
Setup Bitwarden for use with passkeys
To use the functionality described below, open your iOS Settings app and navigate to Passwords → Password Options. Toggle the following options on:
Toggle AutoFill Passwords and Passkeys on.
Toggle Bitwarden on in the Use passwords and passkeys from: list.
Create a passkey
When creating a new passkey on a website or app, the iOS application will prompt you to store the passkey:
Select Continue.
note
Select Other Options if you do not wish to store the passkey in Bitwarden or Other Sign In Options to sign in with a passkey not stored in Bitwarden.
If a passkey already exists for this service, Bitwarden will allow you to save a new passkey by selecting the icon to create a new item, or by overwriting an existing passkey:
note
Only one passkey can be saved per login item. If a credential is saved in multiple places, for instance as two separate login items in the individual vault and organization vault respectively, a different passkey can be be stored with each login item.
Sign in using a passkey stored in Bitwarden
To use a passkey stored in Bitwarden, initiate the passkey login on the website. The mobile app will provide an option to login using the passkey stored in your Bitwarden vault:
Select Continue.
note
Select Other Options if you do not wish to store the passkey in Bitwarden or Other Sign In Options to sign in with a passkey not stored in Bitwarden.
Setup Bitwarden for use with passkeys
Open Bitwarden Password Manager in the Google Play Store and tap Join in the Join the beta section. Once the Bitwarden application is updated to the beta version, go to Settings → Auto-fill and tap Passkey management to access the Android settings to configure Bitwarden as your passkey provider.
warning
Using passkeys with Bitwarden on Android is currently in beta. In order to activate Bitwarden as your preferred passkey provider it may be necessary to:
Enable 3rd party passkey providers in your web browser's flags (e.g.
chrome://flags).Disable and re-enable Bitwarden as your auto-fill provider once updated to the latest version.
Reboot your phone after changing the above settings.
Remove any passkeys stored in Google Password Manager, as Android will preference this provider.
Please also note that Android does not allow 3rd party passkey providers like Bitwarden to support passkey-based 2FA (a.k.a. "non-discoverable credentials").
Additionally, while passkeys for web browsers are supported, support for is apps coming soon in a future beta build.
Create a passkey
When creating a new passkey on a website or app, the Android application will prompt you to store the passkey:
Select Create.
note
Select Save another way if you do not wish to store the passkey in Bitwarden or More saved sign-ins to sign in with a passkey not stored in Bitwarden.
If a passkey already exists for this service, Bitwarden will allow you to save a new passkey by selecting the icon to create a new item, or by overwriting an existing passkey:
note
Only one passkey can be saved per login item. If a credential is saved in multiple places, for instance as two separate login items in the individual vault and organization vault respectively, a different passkey can be be stored with each login item.
Sign in using a passkey stored in Bitwarden
To use a passkey stored in Bitwarden, initiate the passkey login on the website. The mobile app will provide an option to login using the passkey stored in your Bitwarden vault:
Select Sign in to use your passkey.
note
Select Save another way if you do not wish to store the passkey in Bitwarden or More saved sign-ins to sign in with a passkey not stored in Bitwarden.
Once a passkey has been saved, it can be viewed from any Bitwarden app and is located in the Passkey field:
note
If master password re-prompt has been enabled on the login item, you will be required to re-enter your master password in order to access the passkey.
To delete a passkey from a vault item:
Open the item Edit screen from the Password Manager web app, browser extension or desktop app.
Select the delete icon for the Passkey field.
Delete a passkey
The following FAQ items are in reference to Bitwarden passkey storage. For general passkey information, see Passkey FAQs.
Q: Will passkeys be included if you clone a vault item?
A: Bitwarden will not copy a passkey when completing a clone action.
Q: Are stored passkeys included in Bitwarden imports and exports?
A: Passkeys imports and exports will be included in a future release.
Q: Can I store passkeys in the mobile app?
A: Passkeys support for mobile applications is available for iOS (learn more) and in public beta for Android (learn more).