Open source password manager Bitwarden has announced the acquisition of Passwordless.dev, an API that uses cutting-edge FIDO2 WebAuthn standards.
The deal is a statement of Bitwarden’s intent to enhance its service with passwordless support such as passkeys, a core offering that Passwordless.dev helps developers build for sites and services.
WebAuthn, or web authentication, is supported by all the big players in the tech industry, including Microsoft, Google, and Apple, and is the standard they’re adopting to enable passwordless user accounts.
“More accessible to all”
Following its $100 million funding round, the acquisition “enables Bitwarden to equip customers with a robust WebAuthn framework from which to build custom features and deliver world-class passwordless user experiences.”
Passwordless.dev is also open source, which the company says allows for easy integration with developer systems and WebAuthn support with minimal coding required.
Bitwarden CEO Michael Crandell said: “Passwordless.dev enables developers and enterprises to accelerate passwordless innovation by simplifying development efforts into a single API.”
Passwordless.dev founder Anders Åberg added: “In this race to secure online experiences with the power of FIDO2 to mitigate common attack vectors, Bitwarden and Passwordless.dev will make passwordless more accessible to everyone.” “.
The FIDO Alliance, in collaboration with the World Wide Web Consortium (W3C), developed the Web Authentication API, or WebAuthn, as part of the FIDO2 specifications.
It allows sites and services to allow users to authenticate their login with one of their smart devices, using whatever security they have to lock that device, such as biometric data such as fingerprints or facial recognition, or a PIN code. Passwords are not required.
If your device lacks such biometric technology, such as a PC, then you can use an external security key via a USB reader.
Taking the place of passwords are access codes. For each account, there will be two sets of keys, one public and one private. The former will be stored on servers, and the latter will be encrypted and stored only on the device designated by the user. For this reason, FIDO claims that access keys are much more secure and resistant to phishing.