Passkey login on a remote machine without 1P installed
I am struggling to figure out a working solution for the following scenario:
- Connecting to a utility Mac located in a remote datacenter or office via Screen Sharing (say in a conference room, where it is a public unit used for videoconferencing/etc)
- Needing to login as myself to some web service via Passkey
- Not wanting to install 1Password on this public device or login to 1Password/web.
For iCloud Keychain Apple tells folks to just scan the Passkey QR code with a device that has the desired passkey, but then there is a bluetooth handshake that occurs to verify that the device is in the vicinity of the machine that needs to authenticate. In a remote-over-vpn scenario this doesn't work.
Pre-passkey I would ensure I had a strong but easy-to-type password for the service, and hopefully the service also allows TOTP MFA (also easy-to-type).
Is there a secure workflow for this scenario?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Hi @croldham
I would say you've got a good understanding of the limitations of passkeys for situations when connecting to a remote environment. Unless you're able to install 1Password on that remote computer/server, using a passkey to sign in to an account would be difficult/not possible because of the Bluetooth handshake needing to take place between the two devices.
Services typically offer passkeys-based sign in alongside passwords or other passwordless authentication methods like email codes or SMS codes. This is one workaround to signing in to accounts with passkeys but authenticating using other methods in situations like the ones you've mentioned, like you're remoting into a data centre.
0