Open source password management platform Bitwarden has made its first known acquisition, snapping up a fledgling Sweden-based startup called Passwordless.dev, which specializes in helping developers integrate passwordless authentication technology into their software.
The news comes shortly after 1Password and LastPass rival Bitwarden announced its first outside funding since its inception in 2015, securing $100 million from PSG and Battery Ventures. The company also revealed at the time that it had raised a previously undisclosed Series A round in 2019.
The password problem
Similar to other password management services, Bitwarden is designed to make it easier for individuals and enterprises to automatically create hard-to-guess passwords, and store them all in a secure vault. It’s all about helping people to not re-use the same predictable password across all their online services. Bitwarden’s key selling point, though, is that it’s open source — or, at least, it’s source available, meaning that it promises full transparency into the codebase, while also allowing the community to contribute and help develop new features.
Now, Bitwarden is looking to capitalize on a burgeoning trend in the online security sphere, one that is looking to consign passwords to the history books — compromised passwords, after all, are responsible for most business security breaches.
Indeed, there has been a concerted push toward passwordless authentication across the technology landscape. Last year, Apple, Google and Microsoft partnered in support of a new password-free sign-in standard called WebAuthn, while separately Apple introduced a new feature called Passkey that allows people to use their Apple device to log-in to online services without passwords.
Bitwarden, for its part, already offers some support for passwordless authentication, such as biometric logins for Bitwarden’s own apps, while it also supports physical two-factor authentication (2FA) security keys such as YubiKey. But by bringing Passwordless.dev under its wing, Bitwarden wants to make it easier for developers to bake native biometric sign-in smarts into their software, while allowing enterprises to modernize their existing applications that currently rely on passwords.
Founded out of Sweden in 2020, Passwordless.dev has largely flown under the radar since its inception. But the company provides APIs built on WebAuthn, a web standard developed by the FIDO Alliance and the World Wide Web Consortium (W3C) to support secure password logins. Passwordless.dev essentially makes it easier for developers to bring WebAuthn to software with a few lines of code, reducing many of the costs and complexities involved in introducing passwordless authentication to software.
From today, Bitwarden has launched a new beta service called Passwordless.dev by Bitwarden, which allows any third-party developer to embed biometric sign-in technology such as Touch ID, Face ID, and Windows Hello into their apps.
“This saves weeks of coding do-it-yourself passkey implementations,” Bitwarden CEO Michael Crandell explained to TechCrunch in an email. “Enterprises also have business applications that still rely on passwords for authentication and want to provide users with passwordless experiences. Bitwarden Passwordless.dev helps them quickly add WebAuthn and passwordless authentication features into these applications.”
Passwordless.dev by Bitwarden will be free through its initial beta period in Q1 2023, after which the company said it will offer paid plans that cover certain levels of usage and features.
While Bitwarden isn’t disclosing how much it paid for the startup or how many employees it’s taking on as part of the deal, it did confirm that Passwordless.dev hasn’t raised any external funding in its two-plus years in existence, meaning it likely didn’t break the bank for the acquisition.
Bitwarden also confirmed to TechCrunch that Passwordless.dev will continue to be offered to developers independently of other Bitwarden products.
Bitwarden acquires Passwordless.dev to help companies authenticate users without passwords by Paul Sawers originally published on TechCrunch