Passkeys: less than a stellar experience

Options
AndyPas
AndyPas
Community Member
edited February 2023 in 1Password in the Browser

I played with Passkeys last night and had less than a stellar experience.

I created a passkey on eBay, Best Buy and Kayak.

The Best Buy passkey I set up on my Mac in the Vivaldi browser. I guess because I did it in Vivaldi; the passkey did not get saved to the Apple Keychain, and it did not sync to all my Apple devices. I then went on my iPhone and created a Passkey for Best Buy and that DID sync across all my devices. But when I went back to my Mac, it would not let me login using that Passkey in either Vivaldi or Safari.

Next I went to eBay and created a passkey. I can see that Passkey in my iCloud keychain on multiple devices. But I can only use it on the device I originally created it. If I go to another device and try to login, I get prompted for my username. I type it in, and it always asks me for my password, never prompts me to use my passkey, regardless of browser.

Kayak is even worse. It let me create a passkey. That passkey is definitely in my iCloud keychain. And I can login to kayak.com with it on iPhone and iPad, but only in the browser. The Kayak app wants to send me a "magic link" to login. On my Mac, Safari sees the Passkey, but when I try to use it to login, it just doesn't work. I get the popup. I click the button and the Kayak website takes me to the page where I type in my username.

So, out of 3 passkeys I set up, all of them were a failure. Some takeaways:

  1. I don't want to store my passkeys in a vendor proprietary keychain. I need them stored a cross-platform third party app. I assume 1Password will do this for me.
  2. It's not good enough for websites to offer passkey support. Their apps need to have full passkey support also, and third party password managers need to have a hook into the OS to allow them to answer passkey requests. If I am forced to use Apple's Keychain on my iPhone/iPad to use Passkeys, then I will never use passkeys.
  3. I want to know why I have to enter a username for passkey authentication. Why isn't my username part of the passkey?

And my question now for 1Password, how is 1Password going to deal with these issues and make passkeys a better experience?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • rctneil
    rctneil
    Community Member
    Options

    Great thread, yes, I use multiple ecosystems of devices so passkeys really do need to be in a cross ecosystem/vendor system for me to take proper advantage of them. Cannot agree more on this.

    I have a feeling that passkey support will vary wildly for a while but once the setup and configuration and integration has been done by the platforms, vendors, devices etc, things will all iron out as people slowly switch to them. Everything will improve and I anticipate that all your questions and scenarios where you got stuck will be fixed in time. I hope so anyway!

  • AndyPas
    AndyPas
    Community Member
    Options

    Well, my biggest concern is the vendor lock-in. Imagine you're an iOS user and you have all your passkeys neatly stored in your iOS account. Then work makes you switch to an Android phone. I can see my passkeys on my Mac when I go into Passwords in the system settings. But I launch the Keychain app, they're not there. So, there no way to export or view them. And no way to move them to another platform.

  • clarino
    clarino
    Community Member
    Options

    On my Mac desktop using Chrome, I created a passkey using 1P's demo. That went smoothly so I'm disappointed that 1P won't support passkeys for any other site else yet. I too want 1P to save my passkeys, not my OS or my browser.

    Inspired by AndyPas's post, I then tried to create a passkey for Bestbuy. Chrome said "This passkey will only be saved on this device" and popped up a prompt for me to enter my password for, well, I don't know. I couldn't tell if it was asking for my desktop's login password or for my Google password. So is it storing the passcode in the MacOS Keychain or in Chrome?

    Then I tried eBay where I made even less progress. I went to the security settings and don't see passkeys mentioned anywhere. How does one set up passcodes at eBay? There must be one since AndyPas mentioned doing so. Here's my screenshot of eBay's Sign-in settings.

  • dorkbutt
    dorkbutt
    Community Member
    Options

    I am aware that 1Password has been making substantial effort in supporting Passkeys with its service, but with Google making the bold move of 100% supporting Passkeys, I wanted to make use of it by having it part of my 1Password account. However, running between my iPhone on Safari, MacOS on Safari and Google Chrome Canary, I have only been prompted to secure the Passkey behind the browser or Apple Keychain. I am wondering where the progress with Passkeys lie with being able to store them within 1Password instead of having me scatter my Passkeys throughout web browsers.

    https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/

    macOS Version: Ventura 13.3.1 (a) (22E772610a)
    iOS Version: 16.4.1 (20E252)

    macOS Safari: Version 16.4 (18615.1.26.110.1)
    macOS Google Chrome Canary: Version 115.0.5748.0 (Official Build) canary (arm64)

    iPhone 1Password: Version 8.10.6 (81006010)
    Safari Extension: 1Password in the browser 2.10.0 (20246)
    macOS 1Password: 1Password for Mac 8.10.4 (81004032)


    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: macOS 13.3.1 (a)
    Browser:_ Not Provided

  • croldham
    croldham
    Community Member
    Options

    This problem just got a whole lot worse because Google turned on Passkey support for non-Google Workspace accounts today. Non-technical users are about to get super frustrated because without 1P support Passkeys created via a Chrome-engine browser are indeed locked to the device where they were created. There is some support in Chrome for signing in by taking a picture of a QR code presented by the browser with an iOS device, but to make that happen seamlessly you would have had to create the Passkey with Safari on macOS or iOS and store it in the iCloud keychain.

  • Dave_1P
    Options

    Hello everyone! 👋

    I wanted to share a sneak peak at passkeys in 1Password: Sneak peek: save and use a passkey to sign in to your Google account - YouTube

    Passkeys will be coming to 1Password in June. 🎉

    -Dave

This discussion has been closed.