- Windows 11 integrates passkeys at the system level and allows the use of 1Password and Bitwarden as authenticators.
- 1Password generally works with its MSIX version; Bitwarden offers beta integration from GitHub.
- Activation is done in Settings → Accounts → Passwords → Advanced options with Windows Hello.
The arrival of passkeys to the Microsoft system is now a reality, and, moreover, with direct integration of third-party managers. Windows 11 incorporates native support for access keys managed by 1Password and BitwardenThis is an important step towards leaving behind traditional passwords and gaining security against phishing and credential theft.
This move didn't come out of nowhere: after months of testing with Windows Insider, Microsoft included it in the November security update (Patch Tuesday). The function is activated at the system level as a "system authenticator" and relies on Windows HelloThis allows you to validate actions with facial recognition, fingerprint, or PIN, and use those passkeys in a unified way across apps and browsers, even without extensions in many cases.
What are passkeys and what changes in Windows 11?
Passkeys are based on FIDO2/WebAuthn standards and replace the password with a pair of cryptographic keys. The private file never leaves your device, and the public file is stored on the service.Therefore, there is nothing to "remember" or that could be leaked in a conventional breach. This reduces the risk of phishing attacks to virtually zero, as the process is linked to the legitimate domain.
In the context of Windows 11, the novelty lies in the system layer: Microsoft allows managers like 1Password and Bitwarden to act as a "system authenticator"Just like on iOS and Android. Until now, the experience was more fragmented (for example, limited to the browser or proprietary tools), but this update centralizes the use of passkeys for the entire device.
That "system authenticator" relies on Windows Hello. Biometric or PIN authentication (Hello) unlocks your passkey storein a convenient and secure way. If you already use Windows Hello to log in, the switch to passkeys is very natural: it's the same layer of trust, now applied to compatible websites and applications.
Microsoft is also reinforcing its own manager as a native component of Windows, with synchronization via the Microsoft account. The transactions are protected by the administrator's PIN. TPM of the team and Azure's confidential computingThis raises the bar for security. Even so, the biggest change for many users is being able to continue using their usual account manager.
And here come the protagonists: 1Password and Bitwarden are the first to integrate. 1Password is generally available with the latest MSIX versionBitwarden, while initially offered in beta through its GitHub repository, allows users to save and use passkeys from their vaults and, importantly, in apps and browsers without the need for an extension in numerous scenarios.
Incidentally, although the competition already had a head start (Apple and Google have been promoting passkeys since 2023), Microsoft has opted for a broad integration and compatibility with third parties.The move may seem late, but the important thing is that the Windows ecosystem is joining the passwordless wave with a system solution well-oriented to real-world use.
How to activate and use passkeys with 1Password and Bitwarden
First of all, make sure your system is up to date. Native support for passkey managers arrives with the November 2025 security update (KB5068861)which is what activates this unified experience and the advanced options page to choose the system authenticator.
Once Windows is updated, the process is simple. Install the official app of the password manager you are going to use (1Password or Bitwarden) If the system prompts you to activate it as a system authenticator, follow the wizard. If it doesn't appear, you can do it manually in Settings.
The exact path in Windows 11 is easy to remember: Settings → Accounts → Access keys → Advanced optionsFrom there you select your preferred manager to act as the system authenticator, and when you choose, Windows will ask you to confirm with Windows Hello to link it.
From that moment on, you will be able to create and use passkeys transparently. When a website or app offers "Create a passkey" or "Use a passkey", Windows will display suggestions from your authenticator. (1Password, Bitwarden, or Microsoft's own). It's the centralized experience you've been asking for: a single access point for everything.
With 1Password, the integration is straightforward and stable. You need the latest version in MSIX format (The rollout is progressive), and you can enable password autofill within the app itself. Open the 1Password app and go to Settings → Autofill, where you'll find the "Show password suggestions" option to keep it readily available.
In addition, Windows allows you to activate 1Password from the system panel itself. In Settings → Accounts → Passwords → Advanced options you can choose 1Password as the system authenticator This will unify the experience for all your logins. In many cases, you won't even need the browser extension to use your passkeys.
Bitwarden is also joining in strongly, although for now it's in beta mode. The feature is being tested with the desktop app available in their GitHub repositoryWhile it reaches the standard installation. It is fully functional for creating and using passkeys, and can also operate without an extension in most scenarios.
As with any beta version, it's advisable to take precautions. Bitwarden recommends trying a separate, dedicated account. To avoid risks to your everyday data, as beta builds are not yet production quality. If you encounter bugs, the community suggests reporting them on GitHub for the team to fix.
If you're interested in trying the Bitwarden beta, the process suggested by its community is very straightforward. 1) Create a GitHub account and 2) download a beta build of the desktop appwith the expected warnings for software in testing. After that, in Windows the rest is identical: you choose it as the system authenticator in Advanced Options and confirm with Windows Hello.
From a usage point of view, there's not much science to it. You'll be able to "Save as passkey" when a service allows it, and from there, log in with Windows Hello. without typing passwords. This works in both browsers and applications, which is one of the major differences compared to the previous version on Windows.
A clear advantage of using 1Password or Bitwarden is the synchronization between devices. The passkeys you store in your favorite manager can accompany you throughout your ecosystemThis simplifies your daily tasks if you combine a PC, laptop, and other devices. The same applies if you choose the Microsoft manager, which syncs through your Microsoft account.
If you're worried about security, it's worth remembering how all of this is protected. Windows Hello unlocks your passkey vault, TPM securely stores secrets, and Azure Confidential Computing adds layers in the cloud. for critical operations. The passkey itself does not travel, and is useless outside the domain to which it belongs.
What about browser support? Thanks to the "system authenticator" role, apps and browsers on Windows can invoke the native passkey selector.That's why the manager extension is no longer essential, although it can still be useful for other functions, such as secure notes or legacy passwords.
In your day-to-day life, you will notice very specific improvements. The sign-up and login processes become faster and more convenient.And the problems of remembering or copying passwords disappear. In companies and shared environments, this leap also translates into fewer incidents of compromised credentials.
One important interesting fact is that this feature didn't come out of nowhere: Microsoft began testing 1Password as a passkey provider months ago within the Windows Insider programThe result is an integration that is now available worldwide, with 1Password stable and Bitwarden on the beta launch ramp.
Bitwarden, remember the beta quality notice. Test builds are not yet at production level and may fail.Hence the recommendation to use a separate account and to report any errors on GitHub so that the team can review them as soon as possible.
With 1Password, in addition to adjusting it from Windows, it's worth going into its settings. Activate "Show password suggestions" in the Autofill section so that the manager suggests passkeys in compatible forms and you don't have to search for anything manually.
Finally, there is one detail that will please those who value interoperability. Now you can create new passkeys for all kinds of sites from Windows and save them directly to 1Password or Bitwardenand use them instantly to log in from the browser or from applications that call the system authenticator.
For those who arrive with "old-fashioned" passwords, the transition may be gradual. You don't need to migrate everything in one day; you can keep passwords where there are no passkeys yet. and adopt passkeys in services that already support them. Over time, the proportion of passkeys will grow without you having to do anything else.
It is also logical that, in this first stage, some websites display varied nomenclatures: "Log in without password", "Access key", "Passkey", etc. The important thing is that when you choose Passkey, Windows will open the native selector and suggest the available vaults.including 1Password, Bitwarden, or the Microsoft manager if you have them configured.
The overall balance is positive: the experience is more consistent and secure than with passwords and SMS codes. Authentication is resistant to phishing and reuse.And you also save yourself the hassle of entering complex passwords or relying on unreliable second factors.
If you come from the Apple or Google ecosystem, you'll be familiar with Windows adopting this system authenticator role. It's the same idea: a native layer that orchestrates passkeys and integrates with your manager., the team's biometrics and hardware security. And, from now on, with official support for the two most popular managers.
Looking to the near future, it is expected that more managers will join and that passkey compatibility will extend to more services. Microsoft has already made it clear that its strategy involves promoting a passwordless ecosystemAnd opening the doors to 1Password and Bitwarden is an important step to accelerate adoption.
Anyone using Windows 11 today has top-notch tools to simplify their digital life. Update to the version with KB5068861, choose your authenticator (1Password or Bitwarden) and activate Windows HelloFrom there, creating and using passkeys becomes almost automatic and, above all, much safer than memorizing passwords.
