New to passkeys

more_cowbell
more_cowbell
Community Member

I’ve been putting off messing around with passkeys and finally thought I’d setup up and account or 2 to test it. I setup Home depot with passkey from Safari on my iPad and it sees to work great and my HD account says I have passkey setup. But, when I go to HD from a windows pc it shows that I’m currently singing in with a one time passcode and shows “sign in faster by enabling face or fingerprint id. Am I missing something? Trying to understand how it works across devices with 1Password.

Also, what is the general practice with sites that support passkey but you also have OTP setup? Keep using it or no longer nesassary?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • gladfrauseverely
    gladfrauseverely
    Community Member
    edited November 2023

    Same exact issue here too. I even used HD as my first. The AIs will have taken over and we will still be neanderthalling our way through login screens.

  • more_cowbell
    more_cowbell
    Community Member

    It’s definitely wonky. I started with HD because I don’t want to start with more heavy use sites on my part.

  • Hello @more_cowbell! 👋

    I'm sorry that you're running into trouble with using a passkey on Home Depot's website. Some of my colleagues were able to reproduce the same issue. It looks like Home Depot is currently asking folks to create a new passkey on each device even if a passkey is already saved and synced to that device using 1Password, I've flagged this to the team to look into further but this sounds like something that Home Depot may need to change on their end.

    Also, what is the general practice with sites that support passkey but you also have OTP setup? Keep using it or no longer nesassary?

    Unlike passwords, you can’t create a weak passkey. Passkeys are generated by your device using a public-private key pair, which makes them strong and unique by default. Passkeys can’t be phished like a traditional password because the underlying private key never leaves 1Password – this also makes them resistant to social engineering scams.

    Two-factor authentication was designed to add an additional layer of protection to passwords against phishing. Passkeys are already resistant to phishing and can be considered to have the same level of security as a password plus two-factor authentication, with a lot less friction.

    That being said, most websites and services don't allow you to get rid of your password entirely. There are also some devices or websites that might not yet support passkeys so keeping your password for now, protected with two-factor authentication, is a good idea.

    @gladfrauseverely

    I've replied to you over in the other thread that you posted in: https://1password.community/discussion/comment/699866/#Comment_699866

    -Dave

    ref: dev/core/core#26140

This discussion has been closed.