Faster Logins with Passkeys | Bitwarden Passkey Tutorial

  • Published: 27 Nov 2024

Comments • 97

  • @rwg1811
    @rwg1811 9 months ago +7

    My wife is a non-computer person and she was watching this with me and was asking how passkeys work. After a few minutes of her listening to me and not understanding what I was talking about she finally came up with an analogy that I think actually describes passkeys very well.
    She said it's kind of like a lock and a key.
    And I think that's a very good analogy. In this case Bitwarden creates both the lock and key which is unique in the whole universe and it gives the lock to the web site. Bitwarden keeps the only key available to that lock.

    • @teachmecyber
      @teachmecyber  9 months ago +1

      Great analogy!

    • @yungle15
      @yungle15 4 months ago +1

      A passKEY is like a lock and key!? Wow thanks genius 😱

  • @ricardovargas678
    @ricardovargas678 1 year ago +10

    I really hope that, over time, more webpages use Passkey as a sign-in method and not as an MFA.

    • @teachmecyber
      @teachmecyber  1 year ago +2

      You and me both! There are some already but still a very long way to go.

  • @John-fj3qw
    @John-fj3qw 1 year ago +6

    Another excellent tutorial, thanks for staying on top of this tech, I have learned a great deal from your videos. Could you make a Bitwarden tutorial for mobile use?

    • @teachmecyber
      @teachmecyber  1 year ago +2

      I'll look into it! I had some challenges on a prior video with recording due to privacy features (which is great) on some password managers. Let me see what I can do!

    • @John-fj3qw
      @John-fj3qw 1 year ago +1

      Thanks Jason that would be awesome 👍

  • @joeyc666
    @joeyc666 9 months ago +1

    Thank you for this explanation, Jason. Is this something you can do only for new accounts?
    For example, if I wanted to use passkeys on an existing social media account, is it a similar process? Sorry if I missed something in the video :)

    • @teachmecyber
      @teachmecyber  9 months ago

      Yes, you can do this for existing accounts as long as they support it. You should see it under security settings in the particular app

  • @Johnlayne65
    @Johnlayne65 4 months ago

    Thanks quickest explanation I've seen.

  • @redblitz
    @redblitz 10 months ago +2

    Thanks for the video - very useful!
    On a sidenote - what is your Chrome theme called? Love that dark blue gradient!

    • @teachmecyber
      @teachmecyber  10 months ago

      I'm not sure what the theme is. It's one of the default ones that is available.

  • @luigi3418
    @luigi3418 9 months ago +1

    Sorry but saving the passkeys on Bitwarden in my opinion is less secure than saving them on your device, this is because correct me if I'm wrong, by saving them on Bitwarden if they ever enter my vault, with the passkeys they could access the sites they want, whereas if they are saved on the device (like a phone) to then use a passkey you also need biometric authentication, so it's an additional security check in addition, don't you think?

    • @teachmecyber
      @teachmecyber  8 months ago +1

      Yes, you're correct. It's the trade-off between security and convenience, but it's the same risk of using a password manager with just passwords. You can still take steps to secure access to the vault to minimize the likelihood of someone gaining access.

  • @TonyDL
    @TonyDL 9 months ago +2

    Great video, thank you! I've decided to give passkeys a try after being nagged a few times and now seeing your video... So I've done 2 of them and it seems seamless as you show. BUT how do I list my user accounts in Bitwarden where I've enabled a passkey? I don't want to lose track of which ones I've enabled it on. Also, if a website allows BOTH passwords and passkeys, isn't that less secure? Thanks!

    • @teachmecyber
      @teachmecyber  8 months ago

      This is the one downside with Bitwarden right now, it requires a separate entry. Given your username would be stored with the password entry, it's not a big issue.
      Every website now will have both. You just want to default to passkeys as it is phishing resistant.

    • @TonyDL
      @TonyDL 8 months ago

      @@teachmecyber Hi, I don't really understand your answer as I see the passkey in the same entry. Still I don't know how to search for entries where a passkey was set. Also, I don't understand how passkeys as you describe are 'phishing resistant' if passwords are also allowed. Maybe another video? 🙂

  • @Damariobros
    @Damariobros 5 months ago +1

    How do you get Bitwarden to take over using passkeys in Windows 10? Whenever I attempt to do anything with passkeys, whether logging in or creating one, Windows prompts me to insert a security key.

  • @DannySi
    @DannySi 4 days ago

    Wish it would at least have some indicator that a passkey is associated with a login. Great feature regardless.

  • @Juan-sq9hb
    @Juan-sq9hb 11 months ago +2

    Will passkeys replace hardware authentication like Yubikey? What are the advantages of each?

    • @teachmecyber
      @teachmecyber  11 months ago +4

      Passkeys are the same technology as Yubikey. The main difference is that instead of the private key being stored on the Yubikey, it's securely stored on your laptop or mobile device. This implementation with Bitwarden (synchronized passkeys) allows for more flexibility to log in from different devices. A Yubikey is a device-bound passkey, so you can only log in with the Yubikey and you have to have it with you. It's more secure but less flexible.

    • @Juan-sq9hb
      @Juan-sq9hb 11 months ago +3

      @@teachmecyber Thanks a lot for your answer! :)

  • @puduville1
    @puduville1 8 months ago +1

    Great video. Remember one thing: till we get rid of less secure pwd recovery processes, like email recovery etc., or we eliminate the pwd on the site (options that sites need to start providing), this will not be more secure.

    • @teachmecyber
      @teachmecyber  8 months ago

      Yes, it will still be a fall back. But the more you use passkeys and stay consistent the better off you will be.

  • @Marco-ce8kr
    @Marco-ce8kr 1 year ago +1

    Q: So if I have a password previously set in a website and later I set a passkey, I'll be able to use both or just the passkey? And don't forget a Nordpass tutorial for future videos.

    • @sevenelven
      @sevenelven 1 year ago +1

      Websites usually let you choose your preferred way of signing in

    • @bigjoegamer
      @bigjoegamer 1 year ago +6

      It depends on the website. Some websites will let you sign in with a password or a passkey, which means you can lose your passkey but still sign in with your password, or lose your password and still sign in with your passkey. Others will use your passkey as a form of 2-factor authentication, meaning you'll need your password and your passkey to log in. Others will replace your password with the new passkey, meaning you can only sign in with your passkey. I don't know if I've covered every scenario, but I hope passkeys become the thing that replaces passwords.

    • @teachmecyber
      @teachmecyber  1 year ago +4

      @bigjoegamer covered most of the scenarios you'll run into! The website may autodetect it (e.g. Gmail does this), others may ask you which method you want to sign in with (passwordless or password).

  • @Rednunzio
    @Rednunzio 11 months ago +2

    What does Bitwarden save to manage the passkey? The private key or what?

    • @teachmecyber
      @teachmecyber  11 months ago +3

      That's right, Bitwarden is saving and securely storing the private key.

  • @DavidDLee
    @DavidDLee 2 months ago

    I tried this on Windows, with both Bitwarden and Windows Hello.
    The latter does not sync to other devices, but it could use other devices (Android) to store the Passkey. Assuming Bitwarden allows syncing across devices (did not try, but this is the point, otherwise, it's next to useless).

  • @vimalramachandran
    @vimalramachandran 11 months ago +1

    So, if I had to login on a computer where Bitwarden isn't installed, the passkey stored in Bitwarden cannot be used, right?

    • @teachmecyber
      @teachmecyber  11 months ago

      Correct, in the current implementation. Future iterations with mobile support may change this if it allows you to point to your mobile app.

    • @breadone_
      @breadone_ 9 months ago

      @@teachmecyber Wow, this and the frankly amateurish UI for desktop were enough to make me switch to 1P

  • @Chicago48
    @Chicago48 8 months ago +1

    Is the passkey device Specific? - or if I have a computer and phone will it merge across devices? Also does the passkey eliminate or delete my PASSWORD? AND what if you have 2-3 Google accounts like I do? I have a job gmail, a Google gmail, and another Goog gmail?

    • @teachmecyber
      @teachmecyber  8 months ago

      You can set it up for multiple accounts, no issues there! You can have both the password and the passkey at the same time. You can set it up just for a specific device or use a password manager like 1Password and it will work across devices.

  • @GrouseHiker
    @GrouseHiker 11 months ago +1

    Does the private passkey have to be remembered, or is it encrypted on the device? Does anything have to be remembered? It seems that if it's stored on the device, the weak link is the device login... not the website login.

    • @teachmecyber
      @teachmecyber  11 months ago +1

      You don't have to remember anything new! The passkey is stored encrypted in the vault. The only thing you need to do is unlock Bitwarden to securely access the private key. You should set up Bitwarden to require strong MFA (you can also set this up with passkeys to your local device).

  • @jessejames586
    @jessejames586 8 months ago +1

    But sites that also allow user/password authentication negate the security that passkeys offer, unless you can delete these credentials once you have a passkey set up for the site.

    • @teachmecyber
      @teachmecyber  8 months ago

      Potentially. But if you don't use them after setting them up and only use passkeys it is still more secure, especially against phishing attacks as long as you default to using passkeys

  • @petearmstrong2778
    @petearmstrong2778 1 year ago +1

    Here is the scenario - passwords no longer used and a person now has 200 device-bound passkeys on a Windows laptop or Android (Apple may vary I don't know). You now get a new laptop - how do all these passkeys get reset on the new laptop? Cannot be manually.
    I guess the same question applies to a password manager - how to link a new device to use existing passkeys.

    • @teachmecyber
      @teachmecyber  1 year ago +4

      This is the key difference between device-bound and synced passkeys. Device-bound passkeys are stuck to that device. With Bitwarden's synced passkey solution (similar to what 1Password does), you can access it from any device as long as you have Bitwarden installed.

  • @mkunikow
    @mkunikow 6 months ago

    Ok, but if you generate a passkey for a Google account, it can set passkeys on all of your devices with one click.
    The question is who you trust more to store your passkeys ....

  • @Richie_W
    @Richie_W 11 months ago +1

    Wouldn't you want the username to be stored if you've got multiple accounts on a site? How are you going to login to a site if you can't remember what username you used when you registered?

    • @teachmecyber
      @teachmecyber  11 months ago +2

      For passkeys in Bitwarden, you will need a new entry for each unique account on a website. The passkey stores the username in it, so you'll just have to manage the item in Bitwarden accordingly (e.g. just put it in the name of the item).

  • @ssigitas69
    @ssigitas69 1 month ago

    Yesterday I installed Bitwarden on my Android phone and my Windows computer, added the extension to Firefox and even downloaded the desktop application. I watched your video and some more, tried to do something, and I can say I don't understand anything 😭, nor why I need it and how to use it.

  • @WE-vd8ux
    @WE-vd8ux 9 months ago +1

    When I create a passkey like you in your video, the public key will be saved in Bitwarden.
    What about the private key, which usually is saved on the local authenticator?
    What does sync of passkey mean?
    Sync the private key from one device to another? How will they be stored there? Does this happen automatically?

    • @teachmecyber
      @teachmecyber  9 months ago

      When you create a passkey with Bitwarden, the private key is saved into your Bitwarden vault. The websites you configure passkeys with will get a copy of your public key.
      With Bitwarden's passkey implementation, the passkey stays in your vault which you can access from different devices.
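
The split described in the reply above (private key kept in the vault, public key held by the website), as an added example that is not part of the original comments or Bitwarden's code. It is a simplified model of a WebAuthn-style sign-in for Node.js; the function names, the `example.test` host and the reduced message format are assumptions made for illustration.

```javascript
// Added illustration, simplified from WebAuthn: real assertions use CBOR/COSE
// encodings, flags and counters. All names and example.test are constructed.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the key pair is generated on the user's side. The private key
// goes into the vault entry; the website stores only the public key.
function createPasskey(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return { vaultEntry: { rpId, privateKey }, siteRecord: { rpId, publicKey } };
}

// Sign-in, user's side: sign the site's one-time challenge together with the
// origin the browser is actually on. A page on another host gets nothing.
function signIn(vaultEntry, challenge, origin) {
  if (new URL(origin).hostname !== vaultEntry.rpId) return null; // simplified rpId match
  const clientData = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin,
  }));
  const authData = sha256(vaultEntry.rpId); // simplified to the rpId hash only
  const signature = crypto.sign('sha256',
    Buffer.concat([authData, sha256(clientData)]), vaultEntry.privateKey);
  return { clientData, authData, signature };
}

// Sign-in, website's side: check challenge, origin and rpId, then the signature
// against the stored public key. No secret is ever sent to the site.
function verify(siteRecord, expectedOrigin, challenge, assertion) {
  if (!assertion) return 'no assertion';
  const cd = JSON.parse(assertion.clientData.toString());
  if (cd.type !== 'webauthn.get') return 'bad type';
  if (cd.challenge !== challenge.toString('base64url')) return 'bad challenge';
  if (cd.origin !== expectedOrigin) return 'bad origin';
  if (!assertion.authData.equals(sha256(siteRecord.rpId))) return 'bad rpId';
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientData)]);
  return crypto.verify('sha256', signed, siteRecord.publicKey, assertion.signature)
    ? 'ok' : 'bad signature';
}

// Constructed scenarios: a genuine sign-in, an old response presented against a
// new challenge, a look-alike host, and a site record holding a different key.
function demo() {
  const { vaultEntry, siteRecord } = createPasskey('example.test');
  const origin = 'https://example.test';
  const first = crypto.randomBytes(32);
  const second = crypto.randomBytes(32);
  const assertion = signIn(vaultEntry, first, origin);
  return {
    genuine: verify(siteRecord, origin, first, assertion),
    reused: verify(siteRecord, origin, second, assertion),
    lookalikeHost: verify(siteRecord, origin, second,
      signIn(vaultEntry, second, 'https://examp1e.test')),
    differentKey: verify(createPasskey('example.test').siteRecord, origin, first, assertion),
  };
}

console.log(demo());
```

Because the site only ever holds the public key and each response is bound to one challenge and one origin, nothing the site stores or receives can be replayed as a login elsewhere.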

    • @WE-vd8ux
      @WE-vd8ux 1 month ago

      @@teachmecyber That also means that my passkey is not stored on a secure enclave (yubikey, tpm,....) and is not more secure than just saving a password in the password manager? I'm losing my second factor (password and owner). Is this correct?
      It seems iCloud Keychain offers you the possibility to sync the highly encrypted key and store them in your secure enclave on your device.
      Does Bitwarden also provide that?

  • @MindCraftAcademy-my5fh
    @MindCraftAcademy-my5fh 5 months ago

    I created Bitwarden access using a passkey, but it still prompts me to key in a password.. not sure why, probably this is still in beta

  • @DavidW-di1ie
    @DavidW-di1ie 5 months ago

    If a passkey is stored on the device, e.g., my laptop, and I get a new laptop, how does it migrate to the new device? I'm sure it's really simple, but I am not sure. Thanks.

  • @gabsriel
    @gabsriel 9 months ago +1

    I'm a newbie. It seems that Firefox does not support passkeys except the hardware ones... what a shame

    • @teachmecyber
      @teachmecyber  9 months ago

      Yeah, hopefully they get an update to support it soon!

  • @robtihanyi1155
    @robtihanyi1155 11 months ago +6

    Nice work Jason. I wish somebody who knows about computer stuff will at some point design an app to get a non computer user to be able to set up and use passkeys and indeed password managers. Nobody seems to understand that what seems like a "simple setup" to a computer user makes no sense at all to a non computer user. Until somebody designs a system to get this done the people who stand to gain the most from passkeys/password managers are the people who will continue to be the ones that are unable to access the service...just saying.

    • @teachmecyber
      @teachmecyber  11 months ago +4

      I've been thinking about doing a written tutorial to help in situations like this. While not perfect (e.g. I can't make the program easier), it may help with learning the new tool. Would that be useful?

  • @CapAlzheimers
    @CapAlzheimers 11 months ago +1

    125% faster, what does that even mean? If I normally log in in 100 seconds, using Bitwarden makes me log in in negative 25 seconds?

    • @teachmecyber
      @teachmecyber  11 months ago +2

      Okta's analysis showed that logins with a password on average took ~13 seconds. With passkeys, 3 seconds.

    • @CapAlzheimers
      @CapAlzheimers 11 months ago

      Ok, so faster, but the number 125% makes no sense. @@teachmecyber

    • @teachmecyber
      @teachmecyber  11 months ago +1

      Just me getting my math wrong lol

  • @StijnHommes
    @StijnHommes 11 months ago

    You cite Okta, but you fail to mention that they're a biased party...
    I can only be thankful that passkeys are still not working on my copy of Bitwarden.
    It appears that is by design. Passkeys only work with the online vault, which is a million times less secure than my locally installed vault.
    No thanks. Got any alternative password managers I can try that didn't dilute their product security with passkey implementation?

    • @teachmecyber
      @teachmecyber  11 months ago +1

      Passkeys are the future. They are more secure than traditional passwords. I imagine most password managers are going to expand support for them as more websites adopt the technology.
      If you're an offline password vault person, KeePass, Bitwarden's offline version, or Passbolt are good options.

    • @StijnHommes
      @StijnHommes 6 months ago

      @@teachmecyber "They are more secure than traditional passwords." How so? When biometrics fail, the fallback is a simple PIN. Anyone close to you with bad intentions who has seen you unlock your phone can get access to your accounts as well when passkeys are enabled.
      Passkeys are basically 1FA when the bad actor has access to the device.

  • @bigjoegamer
    @bigjoegamer 1 year ago +2

    Thanks for the info. Good video. I'm looking forward to device-bound passkey management on Linux, and the ability to use passkeys to sign in to Linux apps and websites without downloading a password manager or using a browser's built-in password manager.
    Also, the ability to import and export passkeys across all of my devices and password managers would be awesome. For example, exporting my Bitwarden passkeys to a file (encrypted or unencrypted) and then importing them into an Android phone or iPhone or Linux/Windows/macOS computer or another password manager. Or just skipping the "file" part and letting me choose from a menu which device or password manager I want to send my exported passkeys to.

    • @teachmecyber
      @teachmecyber  1 year ago +2

      The export feature scares me a bit because it will get abused by attackers, so I'm keen to see how they do that securely. Google is lagging behind on support in Android, but is working on APIs that will unlock the ability for Bitwarden to use passkeys on Android. It's slow but progress is being made!

  • @debnathmriganka2010
    @debnathmriganka2010 8 months ago

    Sir, I am fully new to Bitwarden. Today I am trying to log in to Bitwarden using password key on a mobile phone, but it only shows the pin option, and after that when I try to log in it always shows wrong key. Please help me use it properly on a mobile phone.

    • @teachmecyber
      @teachmecyber  8 months ago

      Can you provide more information on what's happening?

  • @jbinfa7k
    @jbinfa7k 11 months ago +1

    It is so quick that I lack the confidence I did it right...🙄

    • @teachmecyber
      @teachmecyber  11 months ago

      Did you try to login with the passkey after you set it up?

  • @fumo7887
    @fumo7887 9 months ago

    "Can log in 125% faster" - math does not work out. Negative time?

    • @teachmecyber
      @teachmecyber  9 months ago +1

      Heh yeah, I think I got my math wrong. Regardless, it's much faster and more secure!

  • @cam_934
    @cam_934 10 months ago +1

    Real short list of supported browsers and sites, sounds like wait a year then have another look.

    • @teachmecyber
      @teachmecyber  10 months ago +1

      There's no reason not to start now. Protect the accounts you can and then revisit it from time to time to see what you can add.

  • @Zaros1337
    @Zaros1337 10 months ago

    I'm even more confused about passkeys now than I was before watching.

    • @teachmecyber
      @teachmecyber  10 months ago

      What can I help clear up? Have you seen the full video I posted on what passkeys are and how they work?

  • @blaaxz
    @blaaxz 11 months ago

    No Firefox support?

    • @teachmecyber
      @teachmecyber  11 months ago

      I've heard mixed results with Firefox. Are you having issues with it?

    • @therevanchistv
      @therevanchistv 10 months ago

      @@teachmecyber I am. Works on Chromium-based browsers only, it seems.

  • @zoenagy9458
    @zoenagy9458 8 months ago +4

    Takes 6 seconds to load the addon on i7+SSD+16GB RAM, unacceptable

    • @teachmecyber
      @teachmecyber  8 months ago

      That's odd, what OS are you using?