Microsoft has made strides in enhancing passwordless authentication on Windows 11, introducing native support for third-party passkey managers. The initial offerings in this new feature include popular options like 1Password and Bitwarden, marking a significant step towards a more secure and user-friendly authentication experience.
Collaboration and Innovation
This advancement is the result of a collaborative effort between the Windows security team and third-party password managers, culminating in the development of a passkey API specifically for Windows 11. The feature was rolled out with the November 2025 security update, which was released recently.
Passkeys represent a modern approach to authentication, adhering to the FIDO2/WebAuthn standards. They leverage private-public key cryptography for local challenge signing and server-side verification, eliminating the need for traditional passwords. Upon registering on a passkey-enabled site or application, Windows generates a key pair, securely storing the private key within the Microsoft Password Manager, 1Password, or Bitwarden.
Source: Microsoft
When users attempt to log in to a site or app, a challenge is presented to Windows, prompting them to verify their identity using Windows Hello, which is safeguarded by PIN and biometric authentication. This method is deemed superior to conventional passwords due to its portability, enhanced user convenience, and resistance to phishing attacks.
Enhanced Flexibility and Security
Microsoft’s push for passkey adoption on Windows is further bolstered by the inclusion of third-party app support via the new API, offering users greater flexibility in their authentication choices. Additionally, Microsoft has integrated its own Password Manager from Microsoft Edge directly into Windows, functioning as a plugin that allows users to select their preferred passkey manager.
The security benefits of this development are noteworthy:
- Creation, authentication, and management of passkeys are secured by Windows Hello.
- Synchronization across Windows devices is available when users are signed into Edge with the same Microsoft account.
- Synchronization is protected by the manager PIN and a cloud enclave.
- Encryption keys are safeguarded by Azure Managed Hardware Security Modules (HSMs).
- Sensitive operations are executed in Azure Confidential Compute.
- Recovery processes utilize Azure Confidential Ledger.
Source: Microsoft
Earlier this month, Microsoft Edge introduced passkey saving and syncing capabilities with Microsoft Password Manager in version 142 and later, applicable to Windows 10 and above. Bitwarden has been at the forefront of passkey storage and management since November 2023, launching its “Log in with Passkeys” feature in January 2024.
Bitwarden has announced its integration with Windows 11, currently in beta, which may present some functional limitations or instability until comprehensive testing and bug fixes are completed. This integration signifies a promising evolution in the realm of passwordless authentication, paving the way for a more secure digital landscape.
