Bitwarden Introduces Phishing-Resistant Authentication for Windows 11 Devices

Bitwarden has recently unveiled a new feature that allows users to log into Windows 11 devices using passkeys stored in the manager’s vault, providing a more secure and phishing-resistant authentication method.

This innovative feature is accessible to all Bitwarden users, including those on the free plan. It enables users to log into Windows by opting for the security key option and scanning a QR code with a mobile device to confirm access to the passkey stored securely in the Bitwarden encrypted vault.

Bitwarden, known for its open-source password and secrets management capabilities, offers a platform where users can securely store various sensitive information such as account passwords, API keys, credit card details, identity data, and private notes.

In order to utilize this new feature, users must meet three essential conditions:

1. Have Entra ID–joined devices
2. Enable FIDO2 security key sign-in
3. Store a registered Entra ID passkey in their Bitwarden vault

According to Bitwarden, “Windows now supports industry-standard passkeys secured in the Bitwarden vault, enabling passwordless authentication during sign-in. Users can choose to log in with a passkey stored in the Bitwarden vault, allowing Windows to authenticate using cryptographic credentials rather than passwords, without transmitting shared secrets.”

By acting as the passkey provider in the Windows authentication flow, Bitwarden ensures that the credential is stored in the user’s synced vault, rather than being tied to a single device. This approach also enables recovery using other devices in case of a lost phone.

Furthermore, by eliminating password entry from the login process and utilizing cryptographic challenges signed with private keys stored in the vault, the risk of credential exposure to phishing attacks is significantly reduced.

Microsoft is set to roll out passkey login on Windows this month, with the availability depending on the Microsoft Entra ID configuration.

In a significant development announced in November 2025, Microsoft introduced a passkey provider API on Windows 11, allowing third-party applications like Bitwarden and 1Password to manage passkeys for websites and apps on the operating system. The recent announcement extends this functionality to a more fundamental authentication layer, that of the OS itself.