Passkeys-like Support?

aIgeaaIgea
Community Member
in Mac

I know Apple has been trying to push Passkeys or passwords-less sign-in for a while now. After the features introduced in WWDC, it seems like this year it will take off. Is there a plan for 1password to integrate passwords-less sign-in feature?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • spearsonspearson
    Community Member

    I had the same question and wondered how 1Password will adopt this?

  • HomerHomer
    Community Member

    I've read a number of articles just published today after the WWDC announcement of Passkeys in the new macOS and iOS, and from what I'm reading, it looks like Apple, Microsoft and Google are working together on the standard . . . which will obsolete passwords, and thereby the need for password managers.

  • PeterG_1PPeterG_1P

    Team Member
    edited June 8

    Hi folks! Thanks for these questions, I'm happy to speak to this.

    This might come as a surprise to some, but we welcome passwordless approaches for authentication. Our goal is make it easier and more secure for you to do whatever you need to do - regardless of what kind of prompt is on the website in front of you.

    As @Gilles9 mentioned, that's part of why we've joined the FIDO Alliance. And as the video embed in the blog post shows, we've already started working on a feature that will let you use 1Password as a WebAuthn device for passwordless logins. And we're continuing to look at more ways to support whatever login methods you need.

    Which honestly to me is a relief, because last week (and this is a true story) I lost 20 minutes of a busy morning to a website that had multiple login options and very little in the way of guidance on how any of that corresponded to the initial user setup process. 😑 If I could have auto-filled with 1Password, that would have removed a heck of a lot of friction. And we look forward to providing that kind of solution for you!

    So, whatever the fate of passwords may ultimately be, we'll be here to:

    • help you boost your online security
    • secure and keep track of your digital stuff
    • get you where you're going online

    By the way, if you haven't checked it out yet, I'd recommend taking a peek at https://www.future.1password.com/ for a preview of where we're headed. We think that what's coming next is pretty exciting, and we hope you will too. 👀

  • mweitzmanmweitzman
    Community Member

    Thanks for the blog post and video. The WebAuthn support in the desktop app looks promising. I'd love to hear what you have planned for your mobile apps.

  • Jack.P_1PJack.P_1P

    Team Member

    You're very welcome @mweitzman! We're excited what the future holds, but it's still a bit early to share anything just yet. Stay tuned. 😄

    Jack

  • TravelSDTravelSD
    Community Member

    Any update on this? iOS 16 is out with passkey support. Would love to see 1Password support.

  • Dave_1PDave_1P

    Team Member

    @TravelSD

    We don't have any updates to share yet but keep an eye on our social media and newsletter for exciting developments in the future. 😊

    -Dave

  • cobaltjacketcobaltjacket
    Community Member

    I have a question about Passkeys support. Ostensibly, it should be locked to some piece of hardware (TPM, Secure Element, Yubikey, etc.) By implementing this functionality in 1Password, you are abstracting it. Will you offer the ability to allot 1PW for Teams/Families/Business accounts to restrict 1Password Passkeys to those who have authenticated using to 1PW via some hardware feature such as above?

    For example, let's say I have passkeys in 1Password. If I log into 1Password using my username/password and TOTP, I would not want to be able to access those 1Password-stored passkeys.

    But if I logged into 1Password using a passkey or even biometric auth on my device (FaceID, etc.) I should be able to access my passkeys.

  • jac.pd_1pjac.pd_1p

    Team Member

    Hi @cobaltjacket:

    Passkeys, the standard-based technology guided by the FIDO Alliance, are based on the same underlying technology that is used for physical security keys that you plug in to your phone or computer, but they are entirely software-based. Hardware security components still come into play in this process as the Secure Enclave on Apple devices and TPM on Windows are used to authenticate and verify users as they unlock 1Password, which is something that we use today in all our 1Password apps when available.

    The security issues around passwords has little to do with how they are stored in password managers, and instead how they can be found in data breaches and used across the web to access your accounts. Passkeys helps eliminate this problem since it consists of a lengthy private key that’s created on your device and never exposed to the outside world. When you sign in using a passkey, the website you’re visiting can’t access your private key. It can only verify that you possess it, and that it corresponds to a matching public key. This makes passkeys highly resistant to phishing and theft.

    1Password Teams and 1Password Business users already have the ability to enforce two-factor authentication on their users accounts, as well as being able to enforce an authentication method (such as security keys or Duo) that works best for their organization. And as is the case already with 1Password accounts, the Secret Key keeps your 1Password account safe by adding another level of security on top of your 1Password account password and is required to sign in to your account on a new device or browser.

    However, I'll be sure to share your feedback regarding this with the team as they work towards launching full passkeys support in 1Password in early 2023.

    -Jac

  • cobaltjacketcobaltjacket
    Community Member

    @jac.pd_1p : Understood. I get all of that but maybe an easier method would be to only allow access to a given vault if a given 1Password client instance was authenticated using one of the methods above.

  • jac.pd_1pjac.pd_1p

    Team Member

    @cobaltjacket: That is an interesting concept and is something I can see useful for some folks using 1Password, even outside of passkeys. The authorize–to–authenticate method is something that's already in use with the the 1Password Command-line tool, so I'll go ahead and open a feature request so the Product team can explore this further for more areas in 1Password.

    ref: IDEA-I-2284

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file