Once you have setup a passkey, what to do with your password?
I have setup a few passkeys. Very cool. However, what to do with the password (and TOTP-codes)? Do you need to keep it? Or, maybe, once you are using a passkey, the password won't work no more? I mean, if your password gets compromised, is it still usable for an attacker?
1Password Version: 8.10.8
Extension Version: 2.12.0
OS Version: macOS 13
Browser:_ Chrome
Comments
-
It really depends on the site, for example with Google, they may still occasionally require your password for certain things, so you have to keep it. Others like Carnival allow you to make an account to begin with only a passkey and nothing else. It's very early days so most are like Google instead of Carnival, most still require passwords for initial sign up and still might need it occasionally.
0 -
As a start, I keep the passwords of course. Just in case I get the situation where passkeys will not work. For example on still unsupported systems. In a few years I guess, I will realize which accounts with passkeys I never actually used a password for years any more, so I could remove those passwords. However, this is in a few years.
0 -
As @BrandonGiesing and @Tertius3 have mentioned, this will really be dependent on how the website is using passkeys.
- Some will allow you to sign in using only a passkey (a "true" replacement for your username and password).
- Some will still require you to have a username and password for backwards compatibility.
- Some will only be using passkeys as a form of two-factor authentication.
For now, I'd recommend keeping your existing sign-in details alongside your new passkey in the Login item. As an example, my Google account still has the username, password, and one-time password, as well as its new passkey, since there might be situations where a passkey can't be used, and I can't "turn off" the password for my Google account.
I hope that helps. :)
— Grey
0