>
Open source password manager Bitwarden has announced the acquisition of Passwordless.dev, an API that uses the very latest FIDO2 WebAuthn standards.
The deal is a statement of Bitwarden’s intent to enhance its service with passwordless compatibility such as password keys, a core offering that helps Passwordless.dev developers create for sites and services.
WebAuthn, or web authentication, is supported by all the major players in the tech industry, including Microsoft, Google, and Apple, and is the standard they use to enable passwordless user accounts.
“More accessible to everyone”
Following the $100 million funding round, the acquisition “enables Bitwarden to equip customers with a strong WebAuthn framework from which to develop custom features and deliver world-class passwordless user experiences.”
Passwordless.dev is also open source, which the company says allows for easy integration with developer systems and WebAuthn compatibility with minimal coding.
Bitwarden CEO Michael Crandell said, “Passwordless.dev enables developers and businesses to accelerate passwordless innovation by simplifying development efforts into a single API.”
Passwordless.dev founder Anders Åberg added, “In this race for secure online experiences with the power of FIDO2 to mitigate common attack vectors, Bitwarden and Passwordless.dev will make passwordless more accessible to everyone.”
The FIDO Alliance, in collaboration with the World Wide Web Consortium (W3C), has developed the Web Authentication API or WebAuthn as part of the FIDO2 specifications.
It allows sites and services to allow users to authenticate their login with one of their smart devices, using whatever security they have to lock that device, such as biometrics such as fingerprints or facial recognition, or a PIN. No passwords are required.
If your device does not have such biometric technology, such as a PC, you can use an external security key via a USB reader instead.
Taking the place of passwords are password keys. For each account, there are two sets of keys, one public and one private. The former is stored on servers and the latter is encrypted and stored only on the user’s nominated device. For this reason, FIDO claims that passkeys are much more secure and phishing-resistant.