Why do sites that I’ve enabled passkey on still hold my asterisked password?

deltabravosierra
deltabravosierra
Community Member

Ok, I’ve set up passkey on a couple of sites, Adobe and Google. Both show registered passkeys. I get the little 1Password dialogue asking me to sign in and it all seems to work ok…however on looking at my account details on these sites, although it shows a passkey is registered for each it also shows and asterisks in a field next to ‘password’ Maybe I don’t understand this fully, but I though the whole idea of passkeys was to use a PKI model where the traditional (legacy) password was no longer stored anywhere in the site you’re logging in to, hence there would be no credential to hack or steal?only a public key which would be useless to anyone.

My assumption is that these passwords shouldn’t exist or be required one on that site you’ve moved to passkey on that site. Can some one explain how passkeys increase your security IF the website still has a record of your password?

Regards,

DBS.


1Password Version: 8.10.18
Extension Version: 2.15.1
OS Version: Ios 17.0.3
Browser: Safari

Comments

  • Unknown
    edited October 2023
    This content has been removed.
  • Hello @deltabravosierra! 👋

    Thanks for the question! Passkeys are still very early days and different websites have decided on different implementations. Some websites will allow you to completely replace your password with a passkey and then forget your password, most websites currently seem to allow you to add a passkey as an alternative sign in method but still keep the password option.

    Since not all devices support passkeys you might need your password to sign in to your account on those devices.

    Let me know if you have any other questions. 🙂

    -Dave

  • deltabravosierra
    deltabravosierra
    Community Member

    Ok, that’s fair enough.

    Thanks for the reply.

  • I'm happy to help. 🙂

    -Dave

This discussion has been closed.