Microsoft announced that passwordless authentication is now easier on Windows 11 through native support for third-party passkey managers, the first ones supported being 1Password and Bitwarden.
This is possible after the Windows security team worked together with third-party managers to improve passwordless authentication by developing a passkey API for Windows 11.
The new feature has been introduced with the November 2025 security update for Windows 11, released yesterday.
Passkeys are a secure authentication mechanism that follows the FIDO2/WebAuthn standards, utilizing private-public key cryptography for local challenge signing and server-side verification, rather than passwords.
When users register on a passkey-enabled site or app, Windows generates a key pair, with the private key securely stored on Microsoft Password Manager, 1Password, or Bitwarden.
Source: Microsoft
From then on, when attempting to log in on that site or app, a challenge is served to Windows, and the user is requested to verify themselves using Windows Hello, which is protected by PIN and biometrics authentication.
The system is considered superior to passwords due to its portability, higher convenience for users, and immunity to phishing attacks.
Microsoft has been pushing the adoption of passkeys on Windows, and the addition of third-party app support via the new API adds more flexibility for users.
In addition to the third-party app support, Microsoft has also integrated Microsoft Password Manager from Microsoft Edge natively into Windows as a plugin to allow users to choose their passkey manager.
Microsoft highlights the following security benefits for this development:
Passkey creation, authentication, and management are protected by Windows Hello
Syncing is available across Windows devices when signed into Edge with the same Microsoft account
Syncing is protected by the manager PIN and a cloud enclave
Azure Managed Hardware Security Modules (HSMs) safeguard encryption keys
Sensitive operations run in Azure Confidential Compute
Recovery uses Azure Confidential Ledger
Source: Microsoft
Microsoft Edge introduced passkey saving and syncing with Microsoft Password Manager earlier this month, in version 142 and later, for Windows 10 and above.
Bitwarden has supported passkey storage and management since November 2023 and introduced “Log in with Passkeys” in January 2024.
The popular password manager announced the Windows 11 integration via an update on its original feature launch announcement, noting that its system-level integration on the OS is currently at beta stage.
This means that there may be functional limitations or potential instability until sufficient broad-scale testing and bug fixing happens.
As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.
This free cheat sheet outlines 7 best practices you can start using today.
