Open source password manager Bitwarden has announced its acquisition of Passwordless.dev, an API that uses cutting-edge FIDO2 WebAuthn standards.
The deal is a statement of Bitwarden’s intention to enhance its service with passwordless compatibility such passkeys, a central offering that Passwordless.dev helps developers create for sites and services.
WebAuthn, or Web Authentication, is supported by all the big players in the tech industry, including Microsoft, Google and Apple, and is the standard they are adopting to allow for passwordless user accounts.
“More accessible for everyone”
Following its $100 million funding round, the acquisition “allows Bitwarden to equip customers with a strong WebAuthn framework from which to develop custom features and deliver world-class passwordless user experiences.”
Passwordless.dev is also open source, which, according to the company, allows for easy integration with developer’s systems and WebAuthn compatibility with minimal coding required.
Bitwarden CEO Michael Crandell said: “Passwordless.dev lets developers and companies accelerate passwordless innovation by simplifying development efforts into a single API.”
Passwordless.dev founder Anders Åberg added: “In this race towards secure online experiences with the power of FIDO2 to mitigate common attack vectors, Bitwarden and Passwordless.dev will make passwordless more accessible for everyone.”
The FIDO Alliance, in working with the World Wide Web Consortium (W3C), developed the Web Authentication API, or WebAuthn, as part of the FIDO2 specifications.
It lets sites and services allow users to authenticate their log in with one of their smart devices, using whatever security they have to lock that device, such biometric data like fingerprint or facial recognition, or a pin code. No passwords are required.
If your device lacks such biometric technology, like a PC, then you can use an external security key via a USB reader instead.
Taking the place of passwords are passkeys. For every account, there will be two sets of keys, one public and one private. The former will be stored in servers, and the latter will be encrypted and stored on the user’s nominated device only. For this reason, FIDO claims that passkeys are much safer and phishing resistant.