Trouble saving passkeys for websites flagged by Watchtower
Hey everyone.
So watchtower in iOS (iPhone) shows logins I have which support passkeys, this is great!
However, most of the items flagged up in watchtower ALREADY have passkeys! They were created while I logged in using my iPhone and 1password (to initially log in to set up passkey) but the authorized device is my iPhone and NOT 1P. Why doesn't 1Password add the passkey to the exiting login too?
When I'm on my windows machine and create a passkey 1P offers to autosave it, then it syncs it and the passkey appears together with the usual login information on my iPhone, I can then log into the website using passkey. So how can I get the iPhone version of 1Password to do the same thing?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
To add another issue to my "passkey Woes" above, I have realised that some of the "Passkey Available" notices in Watchtower are not quite accurate... for example, I have a local Independent Pharmacy near me and they only have a basic website; I was exited and quite impressed that they had implemented passkeys on their website - according to Watchtower!
Alas, I spent a good 20 minutes trying to find the passkey option on the website, after a quick phone call it transpires that they DO NOT offer the passkey security. On further investigation, I came to the realisation that Watchtower was looking at my username of said pharmacy which happened to be my Yahoo email address, and it was that email address to which Watchtower was telling me there is a passkey login available (or at least that's what I thought!) - A brief look in the security settings of my Yahoo email didn't mention anything about passkeys either!
This is just one example of the many watchtower notifications regarding passkeys which are not actually supported for the sites flagged.
Please enlighten me!
0 -
Hello @TOWS! 👋
I'm sorry that you're running into trouble with passkeys on your iPhone. You wrote:
They were created while I logged in using my iPhone and 1password (to initially log in to set up passkey) but the authorized device is my iPhone and NOT 1P. Why doesn't 1Password add the passkey to the exiting login too?
It sounds like you may have saved those passkeys in iCloud Keychain, not 1Password, is that correct? In order to save a passkey in 1Password on your iPhone you'll first need to do the following:
- Update your iPhone to iOS 17: Update your iPhone or iPad - Apple Support (CA)
- Update 1Password for iOS to the latest version: How to keep 1Password up to date
Then use this guide to save a passkey: Use 1Password to save logins and sign in to apps and websites on your iPhone and iPad
Alas, I spent a good 20 minutes trying to find the passkey option on the website, after a quick phone call it transpires that they DO NOT offer the passkey security. On further investigation, I came to the realisation that Watchtower was looking at my username of said pharmacy which happened to be my Yahoo email address, and it was that email address to which Watchtower was telling me there is a passkey login available
That doesn't sound right. Is the pharmacy listed on the directory: https://passkeys.directory/
Do you only have the pharmacy's website address saved in the Login item for the pharmacy? Or do you see multiple website addresses in that Login item?
This is just one example of the many watchtower notifications regarding passkeys which are not actually supported for the sites flagged.
Are you able to share screenshots of one or two of these notifications? Make sure that nothing sensitive is visible in the screenshots.
I look forward to hearing from you.
-Dave
0 -
@Dave_1P
Hello, thanks for your response. :)It sounds like you may have saved those passkeys in iCloud Keychain, not 1Password, is that correct?
Yes, this is correct, I actually did it prior to iOS 17 too. I understand now. So, essentially, now I should be able to save passkeys created on my iPhone into 1password.
That doesn't sound right. Is the pharmacy listed on the directory: https://passkeys.directory/
No, the pharmacy is NOT on the passkeys directory website. Incidentally, my username is my Gmail address NOT Yahoo mail address as stated above, it was actually my Gmail address (although I can't see that making any difference to the issue) Once I added a passkey to my Gmail account, the pharmacy login disappeared from Watchtower as an item with passkey available.
Do you only have the pharmacy's website address saved in the Login item for the pharmacy? Or do you see multiple website addresses in that Login item?
Just the pharmacy.
Are you able to share screenshots of one or two of these notifications? Make sure that nothing sensitive is visible in the screenshots.
I do not have any more of these incorrectly identified passkey websites anymore, what I do have left in my watchtower alerts is alerts for my Yahoo Mail, PayPal, and Virgin Media.
Virgin Media UK does not support Passkeys yet (apparently, according to a user forum and VM official answer)
Yahoo Mail had NO reference to Passkeys AT ALL Even a Google Search didn't yield any results for me, maybe its a UK thing again because I went to account>settings>security>passwords and 2FA> and all I was show was this:
PayPal will only let me create a passkey on iOS apparently, this screenshot is from Brave browser on Windows (although I also tried Chrome and Edge) as you can see PayPal do not seem to want 1Password to handle any of my passkeys!
I followed the "FAQ" link and started reading but I started to lose the will to live and didn't read all the rhetoric!
0 -
The issues continue...
So I went my Microsoft accounts and setup passkeys on those. The passkeys show in 1password in Browser, but its not syncing with 1password for windows! Watchtower is STILL flagging up my Microsoft accounts as "Passkeys available"
0 -
Update on this mini saga!
- The Yahoo Mail issue is now resolved; Essentially, I had to turn off the security feature on my Yahoo account whereby I had to tap "Yes" (or no) to confirm/deny a login request via the Yahoo App. This then allowed for a passkey to be setup as a "security Key"
- Miraculously, the Microsoft issue where 1Password was not syncing the "passkey available" watchtower notification is now resolved and 1Password is syncing this information across all (my) platforms.
What's still not right;
1. The Pharmacy issue is still a mystery.
2. The Virgin Media (UK) issue is still a mystery
3. The PayPal (UK) is still a mystery0 -
I have just 'found' another two "passkey available" messages from Watchtower (which I had hidden before all these issues came to light) which do not exist.
I have two flickr accounts. flickr does not appear on the passkey directory website. flickr used to be tied to a Yahoo mail account but not anymore. As you can see from the screenshots one of my accounts uses a yahoo email the other a gmail email both use the same URL. For what ever reason (like the pharmacy issue in a previous post above) Watchtower insists that passkeys are available when they simply ARE NOT!
Incidentally, tapping/clicking on the "use passkey" button in watchtower takes you to the Yahoo login page even though the only link in both screenshots is clearly NOT Yahoo.
0 -
Ok, so this post is kind of getting rather long and has become more of a daily diary entry than a support forum! I didn't mean for it to get that way, things just happen :) Also, I seem to report, troubleshoot and fix my own issues LOL
OK, so I have now sorted my PayPal issue too! (hooray!) I deleted my passkey which was created by me before iOS 17, this was saved into iCloud keychain as @Dave_1P correctly identified. I then deleted the passkey from my PayPal account AND from keychain in iOS. I then went back to PayPal and went through the motions of creating a new passkey, this time around, I got a message about 1Password remembering my passkey (this didn't happen pre iOS 17 even though 1Password was marked at the ONLY password manager in settings) I created a new passkey and after confirming everything with 1Password and PayPal, the app crashed and didn't save the passkey (although is did save in 1Password) I had to do this several times with the PayPal app crashing each time until eventually it accepted the passkey.
All this was done on my iPhone 14Pro Max running iOS 17.1 and the latest (and greatest) 1Password.
So after all these issues mentioned above, I am now down to the last two issues. The Flickr account "passkey available" issue which the devs here on 1Password need to sort out like @ag_tommy kindly mentioned and the UK Virgin Media which still seems to be a regional issue for the UK (although if anyone from the UK can confirm they have the same issue is would be handy)
until tomorrow's entry goodbye for now!
0 -
Ok folks, this is the last post in the series of my passkey woes! and with that I have some good news, I have now got my Virgin Media account setup with a passkey! yay! So if you've been following along with my trials and tribulations and all things passkey, you will know that the last issue I had on my list was that Virgin Media did not make it very easy to add a passkey to my account. The passkey is now in place.
Here are the steps (in my case) which was preventing the addition of a passkey. Quiet simply, because I created my account from my iPhone said iPhone was now my "trusted device" meaning after entering username and password face ID finished off the login process. I removed my trusted device and then proceeded to add a new "trusted device" I used "windows hello" (more on this later) then 1Password popped up like a knight in shining armour offering to save a passkey for me! So there you have it, all my issues are (*almost) over.
My findings, and recommendations as a non technically experienced user: I recommend setting up passkeys from a desktop computer and here's why;
If you are trying to add a passkey to any account flagged by 1Password's Watchtower, don't expect to login to that account and see the option of "add a passkey to your account" (although lots of sites will have this option) sometimes they disguise it as setting up "2FA" or "trusted device" or "security key" or "window hello" etc etc. This is what was stumping me. If you are at a website which doesn't have the straight forward "add a passkey to your account" way of doing things, in my experience, iPhone doesn't make it very easy to create a passkey in those situations and although_ it is_ possible, its very cumbersome.
On a desktop computer, it doesn't matter what they call passkeys on your particular account of your particular login -good old 1Password 8 for windows has your back! after choosing whatever description the website uses for a passkey and you go through the process of setting up that device, 1Password pops up and offers to save a new passkey for that site for you! sigh of happiness and then it will sync it to your mobile device so that you can now login without any issues and without jumping through multiple hoops setting passkeys from your phone.
Now don't get me wrong, setting up passkeys using 1Password and your iPhone does work, I have created several that way and it was easy, its only the sites which don't' treat (and name) passkeys as passkeys which makes mobile creation of passkeys a bit of a pain.
So, there you have it folks what started out as a support request ended up as a personal quest and thankfully all my issues are now resolved* It just required some lateral thinking, buckets of tenacity and a smidgeon of luck :)
*The last issue in Watchtower is that Flickr is flagged as having "passkeys available" this is not the case and only the devs here at 1Password can sort this one out!
0 -
@bugwhat Hi there! I’m not really qualified to answer your questions and offer support for your situation, that’s the job of these fine folks here at 1Password support.
The only thing I can say for sure is that if you had a computer you could fix all the issues you have by following along with my previous experiences and fixes in the previous posts above.
I’m not 100% sure I understand what your Google issue is but for the Yahoo account you can try the steps I performed above, (from your iPhone) but I don’t know if you will get the same results as I did since I was using a PC.
0 -
Thanks for sharing your experience! I'm happy that you were able to figure everything out and I'm sure that other folks will find it useful as they're going through the process of saving passkeys. 🙂
The last issue in Watchtower is that Flickr is flagged as having "passkeys available" this is not the case and only the devs here at 1Password can sort this one out!
Indeed,
flickr.comandyahoo.comare linked as shared credentials which matches the issue that Tommy mentioned. We've added your report to the internal work item for the issue. Hopefully this will be fixed in the future.I've replied to you in the other thread. Let's continue the conversation there.
-Dave
ref: dev/core/core#24202
0 -
Hey all - I'd just like to quickly point out that the same issue affecting Flickr and Yahoo also affects:
- NVIDIA (https://www.nvidia.com) and NVIDIA Store (https://store.nvidia.com)
- Amazon (https://www.amazon.com/) and AWS (https://signin.aws.amazon.com)
for which separate accounts are needed despite using the same domain name (and therefore, despite what Watchtower says, neither NVIDIA Store nor AWS supports passkeys). Cheers!
1 -
@ag_tommy Flickr was sold by Yahoo! in 2018. It doesn't use passkeys so it shouldn't be flagged by Watchtower.
0 -
Gotcha! I talked with another user the other day who mentioned that. Thanks for the mention. Do you have checking for passkeys disabled?
1Password > Preferences (Settings) > Privacy -- Watchtower0
