Windows 11 Enhances Security with Third-Party Passkey Support

In a recent announcement, Microsoft revealed a major update for Windows 11, introducing native support for third-party passkey managers. This update makes passwordless authentication more accessible and convenient for users, with the initial supported passkey managers being 1Password and Bitwarden.

The breakthrough was made possible through collaboration between the Windows security team and third-party managers, resulting in the development of a passkey API specifically for Windows 11. This new feature was officially rolled out with the November 2025 security update for Windows 11.

Passkeys, which adhere to the FIDO2/WebAuthn standards, provide a secure authentication mechanism that eliminates the need for traditional passwords. Instead, passkeys utilize private-public key cryptography for local challenge signing and server-side verification.

Upon registration on a passkey-enabled site or app, Windows generates a key pair, with the private key securely stored on Microsoft Password Manager, 1Password, or Bitwarden. Subsequently, when users attempt to log in, a challenge is sent to Windows, prompting the user to verify themselves using Windows Hello, which offers PIN and biometrics authentication.

This innovative system offers several advantages over traditional passwords, including enhanced portability, increased user convenience, and heightened security against phishing attacks.

Microsoft has been actively promoting passkey adoption on Windows, with the recent addition of third-party app support through the new API enhancing flexibility for users. Additionally, Microsoft has integrated Microsoft Password Manager from Microsoft Edge directly into Windows as a plugin, allowing users to select their preferred passkey manager.

The security benefits of this development are highlighted by Microsoft, emphasizing:

• Protected passkey creation, authentication, and management through Windows Hello
• Syncing capabilities across Windows devices when logged into Edge with the same Microsoft account
• Secure syncing via the manager PIN and a cloud enclave
• Encryption key safeguarding by Azure Managed Hardware Security Modules (HSMs)
• Execution of sensitive operations in Azure Confidential Compute
• Recovery using Azure Confidential Ledger

Microsoft Edge recently introduced passkey saving and syncing with Microsoft Password Manager for Windows 10 and above, starting from version 142. Bitwarden has been supporting passkey storage and management since November 2023 and introduced “Log in with Passkeys” in January 2024.

Bitwarden’s integration with Windows 11 is currently in the beta stage, indicating potential functional limitations or instability until widespread testing and bug fixing are completed.

As organizations plan their cybersecurity strategies for the upcoming year, insights from over 300 CISOs and security leaders can provide valuable benchmarks and trends. Download the report to learn how top leaders are translating investments into measurable impacts in 2026.

Download Now