Q - What exactly happens when we unlock an already trusted app with a passkey?
I was wondering.
When we unlock an installed app, let's say 1Password on the browser on ChromeOS, we have to log in again with a passkey.
I suppose this is necessary to get the key to the vault itself again, be it from our system or from your system.
(I will call this key the master key, forgive me if it is wrong.)
The question is: when unlocking the 1Password app with a passkey, is there (a) a new handshake with the server for security purposes, so it is not necessary to store an obfuscated master key on the system, or (b) the passkey handshake is done locally, just "unmasking" the master key stored on the device?
Thank you.
1Password Version: Not Provided
Extension Version: 2.18.1
OS Version: ChromeOS 119.0.6045.212
Browser: Chrome
Comments
Hello @lengotengo! 👋
Thank you for the questions! Our Security Design white paper goes into detail about how passkey unlock works both during the initial authentication process and for subsequent unlocking of the 1Password app. Please see Unlock with a passkey or single sign-on on pages 42 to 48 and Device keys used with passkey and single sign-on unlock on pages 80 to 81:
Let me know if you have any questions after giving that a look. 🙂
-Dave