Icon conflict in Safari fields
I did a quick search and couldn't find a recent posting, so hopefully this isn't a repeat. I want to use Apple Keychain ONLY for Passkeys because I want to use my biometrics and 1Password doesn't require that 2nd factor before it supplies the Passkey. IMO better security to keep separate.
In order to use Passkeys in the Apple Keychain, I'm now required to turn on passwords for Safari so it can supply the Passkey. However now I have Apple and 1Password fighting over who gets to fill in the fields on Safari. I've seen, I believe with ProtonPass, that they have a button whereby you can move the manager icon off to the right so it isn't buried under all the other icons. Is that something that can be considered or am I missing an easy solution for my use case? (I want to stick with Safari instead of going to Firefox for the integration with Keychain and other convenience features.)
Thanks in advance
1Password Version: 8.10.23
Extension Version: Not Provided
OS Version: 13.6.3
Browser: Safari 17.2.1
Comments
-
Hello @Netsec! 👋
Thank you for the question! I recommend that you only use 1Password to save both your passwords and passkeys. If you keep both Keychain and 1Password enabled in the same browser then you'll run into situations where passwords or passkeys will be saved in the wrong place or in multiple places at once.
That being said, I've passed along your suggestion and request to the team.
I want to use Apple Keychain ONLY for Passkeys because I want to use my biometrics and 1Password doesn't require that 2nd factor before it supplies the Passkey.
Passkeys saved in 1Password are protected using the same security and encryption that protects your passwords and other items. If 1Password is locked then you'll need to use biometrics, or your account password, to unlock 1Password before you can use a passkey to sign into a website. You can configure 1Password to lock more often if you wish: How to set 1Password to lock automatically
Can you tell me a little more about why you'd like to be prompted for biometrics every time that you use a passkey but not when you use a password?
-Dave
ref: PB-37727461
ref: PB-377274980 -
Thanks for getting back to me. I'll admit my workflow with 1P is not ideal, but I'm going to blame my wife. See, we share the single password so we both have full access to all our passwords. I've been trying to get her to have her own account, I've created the family and all its ready, but change is difficult and I know she would be concerned of having "separate accounts." I know 1P can handle it, but getting there is a long process.
With that in mind, knowing I've just got that single password protecting our lives, as a security guy I just feel better with true 2FA. I actually store my OTPs in a separate app rather than 1P for the most important accounts "just in case." I understand that the probability of a "LastPass event" happening with 1P is astronomically low, but...
Maybe for the three of us in the world that feel the same way there could be a toggle added to settings to require biometric authentication before submitting a passkey from 1P? Just a thought.
Thanks again.
0 -
Thank you for those details. I agree that creating separate family member accounts for you and your wife is the way to go. Doing that would allow each of you to have a private vault which is accessible only to you, and a shared vault that you both would have access to: Share passwords with your family
With that in mind, knowing I've just got that single password protecting our lives, as a security guy I just feel better with true 2FA.
It's worth mentioning that your 1Password account is protected not only by your account password but by your Secret Key as well: About your Secret Key
Maybe for the three of us in the world that feel the same way there could be a toggle added to settings to require biometric authentication before submitting a passkey from 1P? Just a thought.
Thank you for the suggestion! I've passed it along to the team. 🙂
-Dave
0 -
I agree to @Netsec in having a more granular control option of 1Password in the Browser extension authorization with biometric than currently available. Shortest timeout is 15 minutes, however for the 1Password apps e.g. iOS I can have a option to lock the app (not browser extension) immediately after the app is in the background. Personally, I do not mind having to use TouchID or FaceID everytime I open the 1PW app and I wish I could have such a setting for the browser extension as well. Or is there a specific reason why the shortest timeout here is 15 minutes?
0 -
1Password in the browser locks at the same time as the desktop app according to the preferences set for auto-lock: How to set 1Password to lock automatically
You can set 1Password to lock after your computer has been idle for 1 minute if you wish.
The desktop environment is different from the mobile environment. Specifically, if 1Password required that you unlocked it each time that you used it then using tools like Quick Access would be much more cumbersome since you would need to unlock 1Password again and again before being able to search for even the simplest term.
-Dave
0