Bypass existing passkey?

max2770

I would like an option to bypass an existinng passkey (ie. let me use a Yubikey). Right now, the behaviour is to use the passkey right away when a website triggers the WebAuthn workflow. While this is useful in speeding things up, I would love to have an option by website to use the passkey (ie. "Use passkey by default") or to prompt for either the 1P passkey or the system dialog.

Alternatively, you could implement a prompt resembling the SSH auth prompt every time, but this adds complexity - enabling this prompt on a website-by-website basis would be best.

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

ag_timothy

Hi @max2770, thanks for writing in.

I can certainly see the benefit in an option to select which authentication method you'd like to use on a particular website, or set a default. It's always good to have personal insights in the feedback we file. So, if you can let me know any additional details as to why this feature would be helpful for you, I'll be able to pass that on to the Product team.

Thanks again!

PBAdams

Hi @ag_timothy I'd like to +1 this.

The scenario is when one tries to register security keys after a 1Passwrod Keypass has been created.

Example: I recently created a 1Password-managed Keypass for yahoo.com. I then tried to register backup Yubikeys. When Yahoo prompted me to insert a security key 1Password sent the Passkey, and the new security key registration failed. This behavior is 100% reproducible on other sites whenever a 1Password passkey is created before security keys have been registered on the site.

I consider this behavior a serious bug and would advocate for a mechanism in 1Password to enable security key registration once a Passkey exists for a login.