Password manager Bitwarden will too soon be able to store passkeys, but here’s why you may want to wait a bit with passkeys

A padlock with 1's and 0's in numbers behind it

I did a post a few weeks back speculating around the same issues but listening now to Steve Gibson talking on the Tech News Weekly episode 284 podcast at https://twit.tv/shows/tech-news-weekly/episodes/284 has reinforced my thinking about passkeys.

Yes, Google, Apple, etc are trying to get their users to adopt THEIR passkey management systems as quickly as possible, as it essentially locks you into their authentication (and eco) system for now. Even these two companies are implementing passkeys slightly differently (single synced key vs per device), and unlike today where you can easily export your passwords from one password manager to another one (migration) it is not at all clear yet how this may happen with passkeys (if at all). I have over 700 passwords and there is little chance of me migrating those one by one to a different authentication system.

Just based on how Apple’s and Google’s approaches to passkeys differs, we can also see some differences in how we’d use them, so I’d like to make a more informed decision before I just jump in. As Steve says, passwords are still going to be here for quite a long time, so there is no rush to jump into using passkeys (as long as you use secure and unique passwords, along with good 2FA). While backup passwords still exist for passkey sites, they are still as secure as that weakest link.

So, yes, Bitwarden too will be rolling out their passkey implementation in 2023 (see https://www.ghacks.net/2023/05/24/password-manager-bitwarden-will-soon-be-able-to-store-passkeys/ without any firm date) and I’ll first have a good look at how they plan to implement it too. I do prefer something like Bitwarden (or similar) where it is a purely cross-platform implementation not tied to a particular vendor (apart from Bitwarden yes, but then you can also host their open-source solution yourself if you really wanted to). Personally, I would not use Apple’s system as I have twice switched away from using an iPhone, and I’m not getting locked into an ecosystem specific solution for that reason.

Bottom line though is there is no rush, and jumping in now with whoever you choose, is going to be your bed fellow for the foreseeable future, unless you only have 5 site passkeys to worry about. Passkeys are certainly an excellent step forward for online authentication, but it is about when and with whom I’m more concerned about.