Will the future Unlock with passkey allow unlocking one device with another?

People have been asking to unlock 1Password on one device (typically the desktop apps or the various browser plugins) using another device, typically a phone with biometric unlock, for some time. See https://1password.community/discussion/86246/ or https://1password.community/discussion/68328/

I admit this feature would make my life easier, because I've been typing my master password dozens of times a day for years (on average 2 computers × 3 browsers × several lock timeouts a day.) But I don't want it to be easier at the expense of security.

With the upcoming passkey support for 1Password accounts https://blog.1password.com/passkey-secret-key-account-security/ it seems that this could become a reality, because being public-private key pairs, passkeys should allow unlocking a device safely using another, without sharing private secrets.

Will it be possible to:

  1. click on a browser extension icon or desktop icon on my PC;
  2. have my phone show a notification from the 1Password app, asking me to confirm unlocking 1Password on device X in country Y, or some such;
  3. be able to confirm the passkey using my phone's biometrics, which will sign the challenge that was created on the other device at step 1. and send it back over the network?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Hey there @tobia

    In short, yes. If the passkey that unlocks your 1Password account isn't present on the device you're using then you'll have the option to scan a QR code with another device such as your phone to securely use its passkey instead. This is exactly the same as any other passkey implementation, such as signing into a website, using a passkey from another device.

    On your other device, you'll be prompted to unlock 1Password, and will be shown a short verification code (6 alphanumeric characters) and you'll need to enter that on the new device to confirm that you want to sign in. This means that signing in to 1Password somewhere new is always a deliberate action that you confirm you want to do from one of your trusted devices.

    After that, if supported by that new device, you can use biometrics such as Face ID or Touch ID on iOS/iPadOS, Touch ID or an Apple Watch on macOS, Windows Hello (with face, fingerprint or PIN), your fingerprint on Android, or system authentication on Linux to unlock 1Password conveniently, just like you can do now with existing 1Password accounts unlocked with a Secret Key and account password.

    The "Step 2" section of this article will help show how signing in works in practice:

    Unlock 1Password with a passkey (private beta) – Step 2: Sign in on another device

    Let me know if you have any questions or would like any help with any of the above. :)

    — Grey

  • laxplayer37
    laxplayer37
    Community Member

    Is this only an example of what you hope to do? I created a test account, and am able to unlock using a passkey, but this does not unlock my actual account with all of my stored passwords.

    Is there any easy way to unlock 1password on my pc using my phone?

  • @laxplayer37

    This feature is in beta right now and requires you signing up with a test 1Password account for this purpose. We're looking to roll out passkey unlock to existing 1Password accounts in the near future, but for now you can have a try with unlocking a 1Password account with a passkey using a test 1Password account.

    Unlock 1Password with a passkey (beta)

    Please let me know if you have any questions, or would like any further help. :)

    — Grey

This discussion has been closed.