Passkeys on Bank of America - can create, but not use

steve28
steve28
Community Member
in Browsers (Edge, Chrome, Firefox, etc.)

You appear to be able to sign up for a passkey on Bank of America, if at the top of the page, you go to:

[Your Name] → Profile & Settings → Security Center → [Scroll down to Increase Your Device Security] → Review → USB Security Key

Even though it says "USB Security Key" it will create a passkey, which was recognized by 1password extension (Arc with extension ver 21200201). Great. However, when I go to log in, my browser (tried Arc and Safar) both put up the dialog to insert a USB key or use a QR code. It seems 1P does not recognize that it is asking for a passkey:

I

1Password Version: Mac 8.10.8 (81008024)
Extension Version: 2.12
OS Version: macOS 13.4
Browser:_ Arc, Safari

Comments

  • Joy_1P
    Joy_1P
    1Password Alumni
    edited June 2023

    Hey @steve28, I was able to reproduce the behavior. The interesting thing is that after I closed the prompt for the passkey from the browser, and selected to Try Again, BOA recognized the passkey stored in 1Password and logged me in. Could you close the prompt, select to Try Again, and let me know if that's what happens on your end as well?

  • Joy_1P
    Joy_1P
    1Password Alumni
    edited June 2023

    @steve28 Just to follow up, I think the issue is more on the Bank of America side than anything. If you have a passkey saved for an account, the workflow should be like this:

    1. Go to the website and click to log in.
    2. Select the option to sign in with your passkey.
    3. Get signed in.

    On the BOA website, I don't have a login option with a passkey. I have to sign in with my username and password before I am prompted for the passkey. Is that the same for you?

    If so, I believe that this login process is truly meant for a USB security key (a second factor) and not for passkeys (not a second factor). They might use the same tech on the backend, which is why a passkey can be saved when you select to sign in with a USB security key, but the implementation on BOA's website doesn't fully support passkeys (at this time).

    That said, I did create a ticket for our developers to take a closer look at this on our end. We'll check to see if there's anything we can do to help!

    ref: dev/core/core#22486

  • steve28
    steve28
    Community Member

    Thanks for following up. I think you are right - it's being used as a second factor rather than in lieu of a password. And as you said, it's meant for a USB key.

    Hopefully they will adopt true passkey support soon.

  • Joy_1P
    Joy_1P
    1Password Alumni

    @steve28 I hope Bank of America will support passkeys in the future too! You can always keep up with our directory for updates on websites that support signing in with passkeys: https://passkeys.directory. Since I've looked, we've added one new website. Hopefully, the list continues to grow.

This discussion has been closed.