Password-less Windows: 1Password & Bitwarden Integrate Via New Passkey Plugin API
A new capability has emerged within the Windows ecosystem, reshaping the familiar approach to system sign-in and credential management. The November 2025 update to Windows 11 introduces native support for third-party passkey managers, opening the way to a more flexible and secure password-less authentication model. Microsoft is advancing a vision in which passkey technology becomes not merely an alternative, but the primary mechanism for authentication—developed in close collaboration with independent credential-management vendors.
With the new update, Windows now supports plug-in passkey managers that integrate directly with the system at the plugin layer. The first participants in the program are 1Password and Bitwarden, with more providers to follow. The architecture builds on an expanded interaction model with Windows Hello, enabling passkeys to be stored and used through facial recognition, fingerprint scanning, or PIN verification. The system binds the manager to the device at the moment a passkey is created; from that point onward, access to the keys is governed by biometrics, while all operations are mediated through native OS mechanisms.
The arrival of plugin-based managers brings several notable advantages. Users can choose the tool that best fits their established ecosystem and employ it in browsers and applications without extra extensions. The creation and use of passkeys becomes faster and more dependable, with synchronization extending across Windows devices and mobile platforms, ensuring that keys remain accessible regardless of the device from which a user signs in.
Microsoft has integrated its own Microsoft Password Manager from the Edge browser directly into Windows, transforming it into a full-fledged system plugin. Passkey storage and use are protected by Windows Hello, and cross-device synchronization is tied to a single Microsoft account. Data exchange is safeguarded by the manager’s PIN and Microsoft’s cloud infrastructure, which employs hardware-backed cryptography via Azure Managed HSM, while sensitive operations are isolated within Azure Confidential Compute. Recovery mechanisms are anchored in the tamper-proof Azure Confidential Ledger, adding an additional layer of protection against interference.
For enterprises and home users alike, the new architecture makes the transition to password-less sign-in significantly simpler. Passkey technology is now embedded in the operating system by default, and third-party managers gain a unified, standardized interface for interacting with Windows. This approach strengthens security by eliminating weak passwords, reduces exposure to phishing attacks, and accelerates routine account access.
Microsoft notes that the ongoing evolution of the passkey ecosystem will unfold in parallel across Windows, cloud services, and hardware solutions. The company emphasizes the importance of industry-wide cooperation—where software developers and device manufacturers work together to build a resilient security architecture designed for long-term use.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
