Passkeys-like Support?

aIgea
aIgea
Community Member

I know Apple has been trying to push Passkeys or passwords-less sign-in for a while now. After the features introduced in WWDC, it seems like this year it will take off. Is there a plan for 1password to integrate passwords-less sign-in feature?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • spearson
    spearson
    Community Member

    I had the same question and wondered how 1Password will adopt this?

  • Homer
    Homer
    Community Member

    I've read a number of articles just published today after the WWDC announcement of Passkeys in the new macOS and iOS, and from what I'm reading, it looks like Apple, Microsoft and Google are working together on the standard . . . which will obsolete passwords, and thereby the need for password managers.

  • PeterG_1P
    edited June 2022

    Hi folks! Thanks for these questions, I'm happy to speak to this.

    This might come as a surprise to some, but we welcome passwordless approaches for authentication. Our goal is make it easier and more secure for you to do whatever you need to do - regardless of what kind of prompt is on the website in front of you.

    As @Gilles9 mentioned, that's part of why we've joined the FIDO Alliance. And as the video embed in the blog post shows, we've already started working on a feature that will let you use 1Password as a WebAuthn device for passwordless logins. And we're continuing to look at more ways to support whatever login methods you need.

    Which honestly to me is a relief, because last week (and this is a true story) I lost 20 minutes of a busy morning to a website that had multiple login options and very little in the way of guidance on how any of that corresponded to the initial user setup process. 😑 If I could have auto-filled with 1Password, that would have removed a heck of a lot of friction. And we look forward to providing that kind of solution for you!

    So, whatever the fate of passwords may ultimately be, we'll be here to:

    • help you boost your online security
    • secure and keep track of your digital stuff
    • get you where you're going online

    By the way, if you haven't checked it out yet, I'd recommend taking a peek at https://www.future.1password.com/ for a preview of where we're headed. We think that what's coming next is pretty exciting, and we hope you will too. 👀

  • mweitzman
    mweitzman
    Community Member

    Thanks for the blog post and video. The WebAuthn support in the desktop app looks promising. I'd love to hear what you have planned for your mobile apps.

  • You're very welcome @mweitzman! We're excited what the future holds, but it's still a bit early to share anything just yet. Stay tuned. 😄

    Jack

  • TravelSD
    TravelSD
    Community Member

    Any update on this? iOS 16 is out with passkey support. Would love to see 1Password support.

  • @TravelSD

    We don't have any updates to share yet but keep an eye on our social media and newsletter for exciting developments in the future. 😊

    -Dave

  • This content has been removed.
  • Hi @cobaltjacket:

    Passkeys, the standard-based technology guided by the FIDO Alliance, are based on the same underlying technology that is used for physical security keys that you plug in to your phone or computer, but they are entirely software-based. Hardware security components still come into play in this process as the Secure Enclave on Apple devices and TPM on Windows are used to authenticate and verify users as they unlock 1Password, which is something that we use today in all our 1Password apps when available.

    The security issues around passwords has little to do with how they are stored in password managers, and instead how they can be found in data breaches and used across the web to access your accounts. Passkeys helps eliminate this problem since it consists of a lengthy private key that’s created on your device and never exposed to the outside world. When you sign in using a passkey, the website you’re visiting can’t access your private key. It can only verify that you possess it, and that it corresponds to a matching public key. This makes passkeys highly resistant to phishing and theft.

    1Password Teams and 1Password Business users already have the ability to enforce two-factor authentication on their users accounts, as well as being able to enforce an authentication method (such as security keys or Duo) that works best for their organization. And as is the case already with 1Password accounts, the Secret Key keeps your 1Password account safe by adding another level of security on top of your 1Password account password and is required to sign in to your account on a new device or browser.

    However, I'll be sure to share your feedback regarding this with the team as they work towards launching full passkeys support in 1Password in early 2023.

    -Jac

  • This content has been removed.
  • @cobaltjacket: That is an interesting concept and is something I can see useful for some folks using 1Password, even outside of passkeys. The authorize–to–authenticate method is something that's already in use with the the 1Password Command-line tool, so I'll go ahead and open a feature request so the Product team can explore this further for more areas in 1Password.

    ref: IDEA-I-2284

This discussion has been closed.