Password manager Bitwarden has introduced support for passkey-based sign-ins on Windows 11, allowing users to authenticate using a passkey stored in their Bitwarden vault instead of typing traditional credentials.
The feature brings phishing-resistant login to the Windows sign-in screen, marking another step toward broader passwordless authentication across the operating system.
According to the Bitwarden Blog, the update allows users in a Microsoft Entra ID environment to sign into their Windows device using a passkey saved in their Bitwarden vault. The authentication process uses a mobile device and a QR code to verify login.
To use the feature, several conditions must be met. The Windows device must be joined to Entra ID, FIDO2 security key sign-in must be enabled through policy, and the user must already have a registered Entra ID passkey stored in their Bitwarden vault.
At the Windows login screen, users choose the security key option, then scan a QR code with their smartphone, where the Bitwarden mobile app verifies the stored passkey and completes the login process.
Bitwarden explains that this method removes passwords from the authentication flow and replaces them with cryptographic verification.
Bitwarden vault becomes the passkey provider
In this setup, Bitwarden acts as the passkey provider for Windows authentication. The credential is stored in the user’s encrypted vault and synchronized across devices rather than being tied to a single piece of hardware. This design offers a recovery advantage if a device is lost.
That approach differs from device-bound passkeys, in which losing the device holding the credential can leave users locked out of their accounts.
The company also emphasized the security motivation behind the move, noting that operating-system credentials remain a prime target for attackers seeking immediate access to enterprise resources.
The development builds on ongoing collaboration between Microsoft and Bitwarden around passkey support.
In November 2025, Microsoft introduced a passkey provider API for Windows 11, enabling third-party password managers such as 1Password and Bitwarden to manage passkeys across apps and websites. The new capability extends that integration to Windows device authentication itself.
Rollout and availability
Bitwarden says passkey login support for Windows devices is rolling out throughout March, depending on an organization’s Entra ID configuration.
Passkey management is available across all Bitwarden plans, including the free tier, allowing users to store passkeys, unlock their vault, and use them for signing into websites and services.
Also read: Our guide on how to choose a password manager for your business breaks down the admin controls and identity integrations that matter as passkeys spread across business environments.
