Bitwarden has announced support for logging into Windows devices using passkeys stored in the vault, enabling phishing-resistant authentication directly at the OS login screen.
With the new capability, Windows 11 devices can authenticate users using passkeys stored in Bitwarden’s encrypted vault, rather than relying on shared secrets like passwords. During the login process, Windows displays a QR code that users scan with their mobile device running the Bitwarden app, which then confirms access to the stored passkey and completes authentication.
Bitwarden serves as the passkey provider in this workflow, with passkeys stored in the user’s end-to-end-encrypted vault and synchronized across devices. This design means users can still access their passkeys from another device if their phone is lost, unlike device-bound passkey implementations, where losing the device could result in losing access.
To use the feature, the Windows device must be joined to Microsoft Entra ID, the organization must enable FIDO2 security key sign-in, and the user must have already registered a passkey for their Entra ID profile stored in their Bitwarden vault.
Securing a critical attack surface
Operating system authentication is a prime target for attackers, as compromised credentials or access to a logged-in device can provide immediate entry to files, applications, and enterprise resources.
Passkeys replace traditional credentials with cryptographic authentication tied to the user, device, and origin, eliminating the transmission of shared secrets and significantly reducing exposure to phishing and credential-theft attacks.
By extending passkey authentication into the Windows sign-in flow, Bitwarden aims to close a longstanding security gap between application authentication and operating system access.
“Microsoft is committed to making passwordless authentication practical and secure across Windows to help reduce the risk of phishing and password theft,” said Katharine Holdsworth, Partner Group Product Manager at Microsoft. “With the Bitwarden vault integrated into Windows Hello, using passkeys stored in the Bitwarden vault is a fast, smooth, and secure experience across both websites and apps on Windows.”
Building on Windows passkey integration
The new capability builds on earlier work between Microsoft and passkey providers to integrate third-party credential managers directly into Windows.
In November 2025, Microsoft introduced native support in Windows 11 for external passkey managers such as Bitwarden and 1Password, allowing them to function as system-level credential providers. That update enabled users to create and store passkeys using their preferred manager while authenticating through Windows Hello.
The newly announced Windows login support extends that integration further by allowing passkeys stored in Bitwarden to authenticate users directly at the OS login screen.
Microsoft says passkey-based Windows login will roll out throughout March and is dependent on the organization’s Microsoft Entra ID configuration. Bitwarden passkey management is available across all Bitwarden plans, including the free tier.
If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.
