Why does an Apple fanboy like me need 1Password for Passkeys?

Tangible409
Tangible409
Community Member

Every device I have or anticipate having uses iCloud, and Apple’s implementation of Passkeys shares them across all devices. Given that, am I not just as well off to let Apple host my Passkeys, and use 1PW only for sites that don’t yet support them?

I apologize if this is an old question, but the only answers I could find refer to mixed-platform environments.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Dave_1P
    edited November 2023

    Hello @Tangible409! 👋

    Good question! I'd start by recommending that, whichever password manager you choose, you keep your passkeys and passwords in the same place. There are two big reasons:

    1. Most websites typically don't allow you to fully replace your existing passwords with a passkey, they'll allow you to use either. This means that you'll want to hang on to your passwords for now and managing two different records, one containing passwords and the other a passkey, for the same website in two different managers will just give you a headache.
    2. Keeping credentials for websites split across two different password managers is confusing. It's better to keep everything in one place, whether you're logging in with a password, passkey, sign-in with, SSO, or some other method. Keeping website A in iCloud Keychain and website B in 1Password will soon become frustrating.

    1Password fully supports passkeys and once you save a passkey in 1Password it'll be available on all of your devices.

    I'm obviously biased but, as a fellow Apple fan, I use 1Password over iCloud Keychain in my personal life for a few reasons:

    I hope that helps!

    -Dave

  • XIII
    XIII
    Community Member

    Another reason might be that if you use a simple (6 digits) PIN code for your iPhone, it might be very easy for a thief of that phone to get to your passkeys (but if you use 1Password, they would also need your, hopefully much stronger, 1Password account password to access get to your passkeys).

    https://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a

  • Tangible409
    Tangible409
    Community Member

    Dave, you make some good points. For now, I will continue to use passkeys in 1p, although once they become universal – a matter of years I think – that may change. The one weakness in your argument may be non-login data. Apple has an advantage in this stuff because it can offer such deep integration among its first-party apps.

    13, you also make a good point about stolen phones. Of course 1P has some of this same vulnerability, especially since it odiously and paternalistically insists that we re-enter the master password periodically, and always allows it in place of the biometric. That does require a double theft, of the phone’s code and the master password, so it’s more protected.

    The best defense is to not hang out in crowded bars at night, and to use a less convenient long password to open the phone when the biometric fails.

  • @Tangible409

    Unless you specifically decide to allow 1Password to be unlocked using your device passcode, 1Password for iOS will always require either your account password or biometrics to unlock the app. The issue that XIII brought up only applies to unlocking a password manager using a device passcode, not your account password.

    especially since it odiously and paternalistically insists that we re-enter the master password periodically

    You can choose how often your account password is required by following these steps:

    1. Open and unlock 1Password.
    2. Tap the icon for your account or collection at the top left and choose Settings. (If you’re using an iPad, tap your account or collection at the top of the sidebar.)
    3. Tap Security.
    4. Choose the desired time period for "Require password".

    I hope that helps!

    -Dave

  • Tangible409
    Tangible409
    Community Member

    @Dave_1P Thanks for the clarification, and especially for the ability to turn off the forced password entry. But I do look forward to a 100% passwordless future. I assume you guys are having lots of meetings about changing your name: 1 is one too many.

  • PMcI
    PMcI
    Community Member

    I have current 1P desktop & iPhone, but iOS 16 so have not yet begun using passkeys. I know there are reasons to use 1P other than passwords-cross-platforms, storing other info, et al. I was however surprised to learn that Apple Keychain, which I have not to date activated, is required for passkeys. Does this mean that passwords & passkeys will then be subject to Apple security measures (as well as 1P)?

  • Dave_1P
    edited November 2023

    @PMcl

    Thanks for the post. iCloud Keychain is not required to save passkeys in 1Password, passkeys are saved in 1Password itself and are protected using the same account password and Secret Key that protects your passwords and other items.

    You can learn more about using passkeys on iOS here:

    Let me know if you have any questions.

    -Dave

This discussion has been closed.