How to log in with another device

Although most people log into their Bitwarden vault with a master password, there is a more convenient method of doing so called passwordless authentication. Bitwarden includes this feature in the form of Log in with device. 

With this feature, any time you log into Bitwarden on one device (such as a desktop or laptop), you can opt to use your mobile or desktop app to approve those authentication requests instead of typing your master password. The authentication requests last 15 minutes. If a request isn't approved or denied within that time frame, they expire.

Attempt to log into your Bitwarden account from another app and you'll see a new Log in with device button (Figure 1).

Tap that button and, back on the approving device, tap Confirm Login (Figure 2) on the popup to allow access to your Bitwarden vault on the requesting device.

That's all there is to enable the Log in with device feature on Bitwarden. You now can forgo ever having to type your password to access your Bitwarden vaults. This is what passwordless authentication is all about: convenience and security all in one.

1. The initiating client (such as your Bitwarden mobile app) POSTs a request. Each request includes the account email address, a unique auth-request public key (which is uniquely generated for each passwordless login request and only exists for as long as the request does), and an access code. These requests are posted to an Authentication Request table in the Bitwarden database.

2. Any Bitwarden desktop or mobile app that is logged in and has a device-specific GUID stored in the Bitwarden database is provided the request.

3. Once the request is approved, the approving client encrypts the account's master key and master password hash using the auth-request public key enclosed in the request.

4. The approving device then PUTs the encrypted master key and encrypted master password hash to the Authentication Request record and marks the request fulfilled.

5. The initiating client GETs the encrypted master key and encrypted master password hash.

6. The initiating client then decrypts the master key and master password hash locally using the auth-request private key.

7. The initiating device uses the access code and fulfilled authentication request to authenticate the user with the Bitwarden Identity service.

8. The vault is unlocked and ready to use.

Ready to try out secure passwordless authentication today? Register for an individual account or start a free enterprise trial to join the global community of businesses using Bitwarden to manage and share their passwords and credentials securely.