Issues with 1password passkey creation in Mac OS

Ruud
Community Member
edited November 2022 in 1Password in the Browser

I am currently working on a personal hobby project on which I am trying to implement passwordless authentication with WebAuthn. While developing this, I am running into issues related to how the passkey functionality of 1password works on Mac OS.

First of all, I notice that whenever you start a registration through WebAuthn, 1password just adds a passkey to your vault. There is no confirmation or anything, it just creates the passkey. With all other authentication methods (such as for example physical keys and Apple's passkey implementation) you have to press something to confirm. It seems weird to me that with 1password the credential is just created without any confirmation from the user.

Secondly, even though as far as I can tell the passkey functionality has not been rolled out yet for Safari, 1password is also creating passkeys in Safari. However, this seems to prevent Safari's own popup from appearing. So I do not get the choice to use any other authentication method (such as a hardware key).

While I definitely applaud that 1password is introducing this functionality, and I will be happy to use this, the current implementation is really surprising to me.


1Password Version: 8.9.8
Extension Version: 2.4.1
OS Version: 13.0.1
Browser: Safari 16.1

Comments

  • Hi @Ruud:

    > First of all, I notice that whenever you start a registration through WebAuthn, 1password just adds a passkey to your vault. There is no confirmation or anything, it just creates the passkey. With all other authentication methods you have to press something to confirm. It seems weird to me that with 1password the credential is just created without any confirmation from the user.

    Whilst we've begun rolling out support for passkeys in 1Password in your browser and the desktop apps, full support for passkeys is coming to 1Password in early 2023. This means that you may encounter some rough edges where registering and using passkeys in 1Password isn't quite polished yet, with the feature only currently supporting our passkeys demo on our site. However, you should see a prompt in the top right of your browser window that says "Register with" then the name of the website you're currently creating a passkey on.

    And unlike other authentication methods, unlocking 1Password in your browser with biometrics or your account password will authorize creating and using passkeys like it currently does for filling all the other items from your 1Password account. Since there's no way to accidentally use a passkey on the wrong site, and there's little chance of it ending up in a data breach, we feel that our current process of filling in the browser gives you both security and convenience.

    > Secondly, even though as far as I can tell the passkey functionality has not been rolled out yet for Safari, 1password is also creating passkeys in Safari. However, this seems to prevent Safari's own popup from appearing. So I do not get the choice to use any other authentication method (such as a hardware key).

    This does seem strange but it does sound like you're running into a weird edge case whilst full support hasn't been released quite yet. In my testing, I can only get the Apple passkeys prompt to appear as expected. Could you let me know what website/domain this is happening on so I can take a closer look into this for you?
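
Added example (not part of the thread, and not 1Password's or SimpleWebAuthn's code): whether a passkey provider asked for a click or relied on an already unlocked vault, the relying party only sees the user-presence (UP) and user-verification (UV) bits reported in the authenticator data. This sketch parses that header and checks it against the expected RP ID; the function names, the `requireUserVerification` parameter and the sample bytes are constructed for illustration.

```javascript
const { createHash } = require("node:crypto");

// Bits of the flags byte in WebAuthn authenticator data.
const FLAG_UP = 0x01; // user present
const FLAG_UV = 0x04; // user verified (biometric, PIN, account password...)
const FLAG_AT = 0x40; // attested credential data follows (set on registration)

// Header layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian).
function parseAuthenticatorData(authData) {
  const buf = Buffer.from(authData);
  if (buf.length < 37) throw new Error("authenticator data too short");
  const flags = buf[32];
  return {
    rpIdHash: buf.subarray(0, 32),
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    hasAttestedCredential: (flags & FLAG_AT) !== 0,
    signCount: buf.readUInt32BE(33),
  };
}

// Relying-party side checks on a registration response's authenticator data.
function checkRegistration(authData, expectedRpId, requireUserVerification) {
  const parsed = parseAuthenticatorData(authData);
  const expectedHash = createHash("sha256").update(expectedRpId).digest();
  const problems = [];
  if (!parsed.rpIdHash.equals(expectedHash)) problems.push("rpIdHash mismatch");
  if (!parsed.userPresent) problems.push("user presence flag not set");
  if (requireUserVerification && !parsed.userVerified) {
    problems.push("user verification flag not set");
  }
  if (!parsed.hasAttestedCredential) problems.push("no attested credential data");
  return { ok: problems.length === 0, problems, parsed };
}

// Constructed sample: header only, no real credential bytes behind it.
function buildSample(rpId, flags, signCount) {
  const head = Buffer.alloc(37);
  createHash("sha256").update(rpId).digest().copy(head, 0);
  head[32] = flags;
  head.writeUInt32BE(signCount, 33);
  return head;
}

const verified = buildSample("localhost", FLAG_UP | FLAG_UV | FLAG_AT, 0);
const presenceOnly = buildSample("localhost", FLAG_UP | FLAG_AT, 0);
console.log(checkRegistration(verified, "localhost", true).problems);
console.log(checkRegistration(presenceOnly, "localhost", true).problems);
```

The RP ID is a domain without a port, so a server on `localhost:8080` and one on another port hash to the same `rpIdHash`.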

  • Ruud
    Community Member

    Hi @jac.pd_1p,

    Thanks for your answer. It makes me happy to see that my feedback is taken into account, and that you are trying to make the best product possible. I don't mind encountering some rough edges, as long as I know that they are being worked on :-).

    When you say there should be a prompt in the top right of the browser window that says "Register with", where and when exactly should I be seeing this? If for example I go to the passkeys demo in the Chrome browser on Mac OS, I don't think I am seeing this prompt. Only when I enter my username and click "Continue" does something appear, although I personally wouldn't describe this as a prompt, as much as a notification that my account is being created:

    > This does seem strange but it does sound like you're running into a weird edge case whilst full support hasn't been released quite yet. In my testing, I can only get the Apple passkeys prompt to appear as expected. Could you let me know what website/domain this is happening on so I can take a closer look into this for you?

    The only place where I can get this to happen, is in the hobby project I am currently working on, which is running on localhost. Unfortunately, it's not something that is easy to share. If it helps, I am using the server and client from this library: https://github.com/MasterKale/SimpleWebAuthn. If time permits it, I will try to build a minimal example that shows this behaviour this weekend.

    Again, thanks for your answer. I'll be following the developments closely, and I am very excited to see what the final product will look like!

  • @Ruud,

    Absolutely, we love hearing feedback and comments from our 1Password users! It helps us understand more about how we can improve the tools you use in your workflows each day :)

    > Only when I enter my username and click "Continue" does something appear, although I personally wouldn't describe this as a prompt, as much as a notification that my account is being created.

    This 1Password prompt in the top right, shown in your screenshot, appears when the website is registering or signing you in with a passkey from 1Password. Like our PassParcel demo, websites will first require you to click on a button before a passkey is created or used to sign you in, which, in my experience with passkeys, I find to be a confirmation method.

    Are you hoping to see a more visual indicator that you signed up for that website with a passkey, similar to how the "Sign in with" feature we launched today looks when prompting you to sign in with Google or Okta?

    > The only place where I can get this to happen, is in the hobby project I am currently working on, which is running on localhost.

    Oops, that was our doing 😅 As the development team were working on passkeys in 1Password, we added an exception to localhost:8080 which wasn't removed before shipping the version of 1Password for Safari currently in the App Store. We've since corrected the issue in later releases of 1Password in the browser, so this should be back to normal in the next release of 1Password for Safari. Using any other port for your server should show the Safari prompt again as expected.

  • Ruud
    Community Member

    > This 1Password prompt in the top right, shown in your screenshot, appears when the website is registering or signing you in with a passkey from 1Password. Like our PassParcel demo, websites will first require you to click on a button before a passkey is created or used to sign you in, which I find in my experience with passkeys a confirmation method.
    >
    > Are you hoping to see a more visual indicator that you signed up for that website with a passkey, similar to how the "Sign in with" feature we launched today looks when prompting you to sign in with Google or Okta?

    Personally I would have liked it if you get a prompt similar to the prompt 1password shows when saving an account with an auto-generated password:

    Or for example something like the confirmation that Safari shows you when you generate a passkey (this screenshot is in Dutch, but hopefully it gets the idea across):

    There are a couple of reasons why I would like this behaviour:

    • It makes me feel in control when I have to press a button to confirm I want to store this credential. If a website is not particularly clear what is going to happen if I click a "Register" button, I might not expect a credential to be stored.
    • It allows me to make changes to whatever is being stored in my 1password -- maybe I want to add or remove some fields before the credential is stored in 1password.
    • It allows me to choose a different method of generating the credential -- maybe I want to use my Yubikey, or the iCloud Passkey functionality. (I will admit that my understanding of how WebAuthn works is far from perfect, so this argument may or may not be valid.)

    > Oops, that was our doing 😅 As the development team were working on passkeys in 1Password, we added an exception to localhost:8080 which wasn't removed before shipping the version of 1Password for Safari currently in the App Store. We've since corrected the issue in later releases of 1Password in the browser, so this should be back to normal in the next release of 1Password for Safari. Using any other port for your server should show the Safari prompt again as expected.

    This explains a lot 😅. I was really confused why I was getting this popup in Safari, even though Safari is not yet supported. I did not even get the popup on the demo site! But this makes total sense to me. So this is just a bug, and not something for me to be worried about 😁.

  • @Ruud,

    Apologies for the delay in getting back to you here 😅

    Thanks for providing some more context on what you'd like the passkeys prompt to appear as when saving them in 1Password. You do raise some very good points that I agree with myself too! I'll go ahead and share your comments on why you'd prefer this behavior with our teams working on passwordless in 1Password so they can investigate further as they work towards launching this in 1Password in early 2023.

    And I'm glad to hear that we were able to clear up that localhost mishap together. Totally nothing to be worried about, just an exception in the code that wasn't removed before shipping the update so that our development team could test passkeys in 1Password on their own devices!

    ref: IDEA-I-2355

This discussion has been closed.