Password managers make opposite calls on biometrics
A new biometric passwordless authentication feature has been launched by Bitwarden to increase the speed and convenience with which users can log into their web vaults.
The feature uses native device biometrics, and is secured with end-to-end zero-knowledge encryption, a “client fingerprint phrase” and two-step login that adds a step following the biometric authentication. The operation must also be performed on a recognized device.
The passwordless unlock feature also includes a PIN Code option as an alternative to using biometrics.
Bitwarden has also been selected as the integrated password manager for DuckDuckGo for Mac to improve the security of the privacy-focussed web browser.
The integration provides end-to-end encrypted password management from Bitwarden, according to a company announcement.
DuckDuckGo for Mac is currently in open beta.
Slightly more flexibility but no biometrics for Google
Google Password Manager for Chrome and Android now offers quicker access through a shortcut on the home screen of an Android device, reports Android Police.
The built-in password manager has previously functioned only within other apps, rather than as a native app like Bitwarden or LastPass.
The change is part of the June 2022 system update, but Android Police criticizes the company’s failure to add a biometric verification option when opening the password manager, again highlighting a difference from password management competitors.
Hackers have gained access to some LastPass customer information, the company has discovered in investigating the fallout of an incident from this past August.
The company says customer passwords remain secure due to its zero-knowledge architecture. It is continuing to deploy security measures and monitoring to detect and mitigate threat activity.
“We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” writes LastPass CEO Karim Toubba in a company blog post. “In the meantime, we can confirm that LastPass products and services remain fully functional.”