Passkeys versus security keys

Community Member
edited November 15 in 1Password in the Browser

I'm really enjoying passkeys so far. There is some confusion however:

  1. For sites like Google and Microsoft, you can create passkeys that are real passkeys, i.e. they can replace your passwords
  2. For sites like GitHub, you can add a security key as a two-factor auth step. 1Password successfully offers me the ability to add a passkey as a security key, but they aren't passkeys in the strictest form, right?

Maybe it would be helpful to document this behavior? It's perfectly fine if 1Password offers me the ability to add a virtual security key as a second factor to a password, but then it shouldn't be called a passkey.

1Password Version: Not Provided
Extension Version: 2.12.0
OS Version: Windows 11
Browser: Firefox


  • Hey @leonardder

    It's great to hear you're enjoying the open beta of saving and signing in with passkeys in 1Password! You're right in saying there are two "forms" of passkeys in a sense: the ones used to sign you in to your online accounts and services without a password or two-factor authentication, and the ones that are used as a second factor method alongside a password.

    They are both the same passkey that are FIDO2 compliant, with some websites replacing the whole password and two-factor authentication journey with a passkey whilst some are just using them as an option for a second factor. This is a website naming thing and 1Password will support both for saving and signing in since it's the same underlying technology for authentication.

    Our documentation will mostly refer to passkeys under the first point you have mentioned where they are used as an alternative to passwords. And you can also check out a full list of websites and services that support signing in with a passkey under your first point on our website!

  • leonardder
    Community Member

    Thanks for clarifying!

  • I'm happy that Jac was able to help! 🙂


  • marcinkurek
    Community Member
    edited November 14

    I'd still love to be able to differentiate between both in the UI without resorting to custom notes or tags. They may share the same implementation but they serve a different purpose.

    When a website which implements security keys eventually implements passkeys, the existing security keys won't become passkeys - I will still need to migrate.

    As such, it would also be useful if the watchtower could differentiate between the two.

  • Hey @marcinkurek,

    Thank you for your feedback, I see where you are coming from.

    I have passed your suggestion on to our product team to see if we can better differentiate between the two in a future update.

    Please let us know if there is anything else we can help with at all.

    ref: PB36889210
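
The distinction discussed in this thread, shown as an added example (not part of the original posts and not 1Password's code): in WebAuthn, a site asks for a passkey by requiring a discoverable credential, while a second-factor security key is registered without one and is later looked up by credential ID. The helper names, the `example.com` values, the string credential IDs and the all-zero challenge are constructed for illustration.

```javascript
// Options a site would pass to navigator.credentials.create({ publicKey: ... }).
function creationOptions(mode, challenge) {
  const passkey = mode === "passkey";
  return {
    rp: { id: "example.com", name: "Example" },           // constructed sample values
    user: { id: Uint8Array.of(1, 2, 3, 4), name: "alice", displayName: "Alice" },
    challenge,                                            // random per request on a real server
    pubKeyCredParams: [{ type: "public-key", alg: -7 }],  // -7 = ES256
    authenticatorSelection: {
      // Discoverable credential: the authenticator stores the account itself,
      // so sign-in can start without a username or password.
      residentKey: passkey ? "required" : "discouraged",
      userVerification: passkey ? "required" : "discouraged",
    },
    extensions: { credProps: true },  // ask the client to report discoverability
  };
}

// Label a saved credential from the credProps extension output, falling back
// to what the site requested when the client did not report `rk`.
function classify(options, clientExtensionResults) {
  const rk = clientExtensionResults?.credProps?.rk;
  if (rk === true) return "passkey";
  if (rk === false) return "security-key";
  const wanted = options.authenticatorSelection?.residentKey;
  if (wanted === "required") return "passkey";              // creation fails otherwise
  return wanted === "discouraged" ? "security-key" : "unknown";  // "discouraged": likely, not certain
}

// Can a saved credential answer a navigator.credentials.get() request?
// An empty allowCredentials list (passwordless sign-in) is only served by
// discoverable credentials; a second-factor request names credential IDs.
function canAnswer(cred, requestOptions) {
  const allowed = requestOptions.allowCredentials ?? [];
  if (allowed.length === 0) return cred.label === "passkey";
  return allowed.some((d) => d.id === cred.id);
}

// Constructed walk-through of the migration point raised in the thread.
const secondFactor = creationOptions("second-factor", new Uint8Array(32));
const saved = { id: "cred-1", label: classify(secondFactor, { credProps: { rk: false } }) };
const passwordlessLogin = { allowCredentials: [] };
const twoFactorLogin = { allowCredentials: [{ type: "public-key", id: "cred-1" }] };
console.log(saved.label, canAnswer(saved, twoFactorLogin), canAnswer(saved, passwordlessLogin));
```

A credential labelled `security-key` keeps working for the second-factor request but cannot serve the passwordless one, so a site that later adds passkey sign-in needs a new registration.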