Feature Request: Choose between multiple passkeys (different accounts) for same website

cheil_1password
cheil_1password
Community Member
edited January 5 in 1Password in the Browser

I am excited to see passkey support in 1Password! Thanks for leading the charge 1Password Team!

I have multiple Google accounts - one for email and one I do not give to anyone to secure my Google services. I set up the second account to use a passkey and saved it to 1Password and all went well. I was able to sign out and then sign back in successfully. I then set up the first account to use a passkey and saved it to 1Password. Saving the passkey went well but trying to sign out and sign back in did not work as expected. 1Password did not give me the option to choose which Google account's passkey I wanted presented and it presented the second account's passkey over and over again. Did I miss a step?


1Password Version: Not Provided
Extension Version: 2.12.0
OS Version: 13.0.5672.127
Browser:_ Chrome

«1

Comments

  • TataruTaru
    TataruTaru
    Community Member

    This is my experience as well, though I think that's because currently, 1PW is trying to make the login fast and transparent.

    I'm not sure if 1PW ever reads the email/username, but just checks the URL and provides any passkey/password for that URL.

  • This content has been removed.
  • Katya
    Katya
    Community Member

    I have this same issue. It seems that 1PW selects the "first" Google account (according to whatever arcane organizational method it uses; possibly the first one you created a passkey for) and tries to use that passkey. I have this issue on Firefox, Edge, and Chrome (all of which I regularly use for different things). There are up/down arrows in the 1PW popup (all the way to the right, slightly above and below the box containing the information on which account it's trying to use), but they seem grayed-out, and it goes by so fast that I haven't managed to click on them to see if they're actually functional.

  • Hey @cheil_1password, @TataruTaru, @OlivierP, @Katya,

    I'm having a hard time replicating the behaviour you are describing.

    I have 2 Google accounts and on going to accounts.google.com I select the account I want to sign in to and then 1Password offers to sign in with the passkey saved within the item for that account.

    What I did notice is when I was saving the passkey for Account 2 1Password offered to updating my existing item for Account 1 and I had to manually select Account 2 before clicking save. Did you experience this? Could it be that when saving the passkey for your second account you might have updated the first?

    Any detail you can provide or steps for me to reproduce this would be really helpful.

  • TataruTaru
    TataruTaru
    Community Member

    Saving passkeys aren’t an issue. I just get it to update the right account. However when you login, you aren’t presented with the option to select which account on Google to pull the passkey.

    So it will always use the top passkey on the list of drop downs that match that url.

    I had a video but I couldn’t really censor my emails and I don’t want to list it publically. But I can share the YouTube link internally if that helps explain.

  • Frenk
    Frenk
    Community Member

    You can reproduce it on https://passkeys-demo.appspot.com/. Create 2 different accounts and save them in 1P. Then click the 'one button sign in' button and click on 'sign in with passkey'.

    It'll always take the first passkey, you're not able to choose between the accounts. If I use the default passkey manager in Chrome, I'm able to choose between two accounts when clicking the sign in button.

  • cheil_1password
    cheil_1password
    Community Member

    TataruTaru and Frenk have it covered but happy to provide additional information if needed. Thanks @steph.giles .

  • Katya
    Katya
    Community Member

    @steph.giles In another thread about issues with Google logins, a 1PW team member said it was discovered over the weekend that having a period in a Google username might be causing problems. In my case, the account that 1Password tries to use the passkey from (regardless of which account I'm trying to log in to) does have a period in the username.

    It also appears to be the first Google account that's listed in 1PW; this can be verified by changing the name of the login to change its position in the alphabetical order of logins. Immediately, whatever Google login is now at the top, alphabetically, becomes the one it tries to use the passkey from.

    I'm on Win10 Pro, using Firefox (v114.0) with 1PW beta v2.12.1, and Edge (v114.0.1823.41) and Chrome (v114.0.5735.110), both with 1PW beta v2.12.0. 1PW desktop is v8.10.8 (81008013, on BETA channel). Everything should be up to date, though I've got Windows locked down to 21H2 so it doesn't try to auto-update me to 11. If there's any other info I can provide to help, let me know!

  • shadowplayer
    shadowplayer
    Community Member
    edited June 2023

    I have multiple logins to the same site and i don’t seem to see an option to pick which Passkey to use. On iOS the native passkey process shows the available passkeys…whereas iPassword it seems to just use the first one alphabetically.

  • rctneil
    rctneil
    Community Member

    I've had the same issue. How to use an alternative passkey to sign into a different account.

  • Hi @shadowplayer and @rctneil

    I hope you both have been enjoying saving and signing in with passkeys from 1Password since the feature launched into Open Beta. Whilst you're currently not able to manually select a passkey when signing in, the development team are actively investigating this and how selecting a passkey of your choice during the sign in process will work in certain scenarios, such as if you have multiple items with passkeys for the same website.

    I don’t have any information or dates on when this will be addressed. Instead, I recommend keeping 1Password in your browser up-to-date to ensure you’re receiving the latest features and improvements to saving and using passkeys during this Open Beta:

  • rctneil
    rctneil
    Community Member

    Ok, Thanks. I would hope that this is quite high up on the to-do list as it does seem rather fundamental. and also a departure from how Password items work. With password items, if you have multiple for Google, then it doesn't just auto select, you have to choose.

  • I totally understand @rctneil, thank you for your feedback.

    Let us know if there's anything else we can help with in the meantime.

  • Ryan Parman
    Ryan Parman
    Community Member

    @shadowplayer @rctneil: Are you using separate login entries? I don't want to assume.

    I also have this issue as a frequent user of multiple accounts on certain websites.

  • shadowplayer
    shadowplayer
    Community Member

    Yes

  • XIII
    XIII
    Community Member

    Super disappointed that this is still not implemented! 😢

    Instead of enabling me to use passkeys, 1Password is now preventing me from using them...

    (I have multiple accounts for multiple services)

  • Hilary_1P
    edited July 2023

    Hi @XIII! My name is Hilary and I'm a Senior Developer on the Filling and Saving team, focussing my time exclusively to passkeys.

    The decision to make auto-signing in of a passkey has been changed based on the really great feedback we've been hearing. For context, the original decision was made in hopes to ease the sign in flow by making it automated. But it's had the opposite effect for many users, like yourself, which is why we're pivoting.

    I'm actually working on the account selection flow right now! If it all goes well, it will be going out in a Nightly release soon!

    In the meantime, if you hop onto our Stable release, you won't be enabled to use passkeys in 1Password but you at least won't be blocked from using passkeys in general.

  • XIII
    XIII
    Community Member

    @Hilary_1P That is fantastic news! Thank you for sharing.

    Passkey support is great for services where I have just a single account, so I don’t want to go back to Stable…

    Can you please update us when this selection functionality has become available in the Nightly channel?

  • TataruTaru
    TataruTaru
    Community Member

    Hopefully passkey selection can be setup like the URL schema. So you can have passkeys be auto login, unless you set a flag that url has multiple options, so you get a switcher, that way the original vision could be maintained.

  • steven1
    steven1
    Community Member

    Will 1Password both
    -allow us to choose the account to be used (several gmail, Microsoft accounts)
    -and prompt for biometrics at each passkey use?
    Not sure the WebAuth standard mandates this, but it sure is nice on iOS and macOS currently that Safari pops up a biometric request (FaceId on the phone).

    Apple’s implementation is really nice at the moment, and if 1Password doesn’t allow us to authenticate each passkey use request, I would seriously consider using iOS macOS native passkey syncing and using 1Password for other site details. This is what my workflow is currently and honestly, it is a nice workflow to get a confirmation of which account is being used and to require biometrics. Hope 1pw doesn’t go too far in trying to one up the UX currently. Recall, for sites that support passkeys, once windows adds support, you only have to allow each site once on the windows box using a QR scan to have the passkey live separately in table Windows ecosystem as well. Not ideal, but at least we don’t have to ‘type in’ the password. Once scanned, it can be available separately on two platforms.

    Really hope I don’t have to do this and 1Password can replicate the nice workflow / UX currently already available.

  • dangh
    dangh
    Community Member

    @Hilary_1P pls take into account that the passkey should not be available if it's stored in an inactive vault so we can skip unnecessary account selection. The current behaviour is frustrating because it keeps picking the passkey that should be disabled together with the vault.

  • @XIII I've merged my work into the main branch so it should be available in Nightly either today or tomorrow!

    @dangh I've also merged a fix to exclude disabled vaults from the sign in flow :) That should be in Nightly soon as well!

    I unfortunately won't be able to keep checking in on this thread as often as I'd like, so apologies in advance if you don't hear from me about more updates. But the Product and Support teams monitor these forums so hopefully all other concerns are addressed :)

  • XIII
    XIII
    Community Member

    I've merged my work into the main branch so it should be available in Nightly either today or tomorrow!

    Thank you for doing that and notifying everyone here!

    Will try tomorrow (if available).

  • XIII
    XIII
    Community Member

    PS: Does Nightly refer to the channel of the App, the browser extension, or both?

  • XIII
    XIII
    Community Member

    Changed the Release Channel to Nightly for the (macOS) App (and updated the App afterwards), but can't find Nightly builds of the Safari (or Firefox) browser extension...

    This set up does not support multiple passkeys for 1 site it seems. Or do I need to wait one more day?

  • XIII
    XIII
    Community Member

    @Hilary_1P Sorry to tag you, but the Support team did not answer yet and I'm eager to try your new functionality...

    What do we need to install/configure to test this in Safari (or Firefox) on macOS?

    (tried two days in row with Nightly App and beta extension, but 1Password still auto-selects a passkey)

  • Hi @XIII

    As it stands we have nightly builds available for Chrome. We don't have any immediate plans for nightly builds for Safari or Firefox, but these changes should be making their way through to betas (and ultimately stable releases) soon. 🤞

    Ben

  • XIII
    XIII
    Community Member

    Thanks for answering!

    Then I’ll have to patient…

  • Komma
    Komma
    Community Member

    With the nightly build, choosing between accounts works really well on GitHub, but if there's only one option, like on Google, where the email is already selected, I think the step could be skipped like before.

  • Hi @DoppelKomma

    Thanks for letting us know!

    The reason we're now asking you to choose even when there is only result is to confirm you do actually want to be logged in. The thought is that a website could send a request and force you to browse it while logged in, if you have a Login for that site. By having the you consent to the authentication, you have the choice of browsing the site anonymously or logged in.

    Ben

This discussion has been closed.