What's the Passkey relationship to PIN iOS access?
If Passkey access via biometrics fails it falls back to using the simple (4 digit in my case) PIN. So if someone sees me enter my PIN and then gets physical access to my phone they can access my Passkey protected accounts and even all my 1Password vaults if I've setup Passkey access to 1Password itself.
Then again maybe I'm misunderstanding how they work :)
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Hello @pinacate! 👋
Thanks for the question! Are you referring to using a passkey saved in 1Password to sign into a different website or app? Or are you referring to signing into 1Password itself using a passkey? The latter is only available in beta at the moment and isn't available for regular accounts protected using an account password and Secret Key.
If you're referring to using a passkey, saved in 1Password, to sign into a different website or app then you'll always need to use either Face ID/Touch ID or your account password to unlock 1Password before that passkey can be used. The only exception to this is if you've enabled device passcode unlock which is an optional feature: Use your device passcode, PIN, or pattern to unlock 1Password
I look forward to hearing from you.
-Dave
0 -
Good Morning, I was primarily referring to using a passkey saved in 1Password. In your response you say 1Password doesn't fall back to simply relying on device PIN. That seems like a reasonable way to go but it seems to be contradicted by the doc: https://blog.1password.com/passkeys-faqs/#how-do-you-use-passkeys.
"...You’ll most likely do this via Touch ID, Face ID, or Windows Hello. If you’re unable to use biometrics, the system will request the PIN or password that you normally use to unlock your device. Once you’ve authenticated, you’ll be signed in to your account."
-- Fred
0 -
I'm sorry for the confusion. That blog post is from May 2023, before we released our own implementation of saving and signing in with passkeys. The information there is more generic since passkeys were just being announced and we wanted to educate folks on the exciting new feature.
In your initial post you wrote:
If Passkey access via biometrics fails it falls back to using the simple (4 digit in my case) PIN.
Can you tell me the following:
- Are you using a 1Password account secured using an account password + Secret Key or a beta account secured using a passkey?
- The passkey that you're trying to use, is it saved in 1Password or iCloud Keychain?
- Do you have device passcode unlock turned on for 1Password?
How to check if device passcode unlock is turned on:
- Open and unlock 1Password.
- Tap the icon for your account or collection at the top left and choose Settings. (If you’re using an iPad, tap your account or collection at the top of the sidebar.)
- Tap Security.
- Do you see "Passcode" or "Allow unlocking with passcode" turned on?
I look forward to hearing from you.
-Dave
0 -
I'm running 1Password for Mac 8.1023.
The 'Security' tab doesn't show either "Passcode" or "Allow unlocking with passcode".
The categories I see on the 'Security' tab are: Ullock, Auto-Lock, Clipboard & Concealed Fields.
0 -
Thanks for the reply. Can you please tell me:
- Are you using a 1Password account secured using an account password + Secret Key or a beta account secured using a passkey?
- Is iCloud Keychain turned on for AutoFill: Settings app > Passwords > Password Options. If it is then can you turn it off and make sure that only 1Password is selected, then try to sign in using a passkey again. Are you still able to use your device passcode?
I look forward to hearing from you.
-Dave
0 -
Hi Dave - thanks for the responses. My primary concern was the assertion that Passkeys fell back to simple iOS device PIN authentication when stronger factors weren't available. You pointed out that the document I was looking at was out of date and that 1Password doesn't work as stated there. That's really all I needed to know. Thanks for that!
0 -
Sounds good. If you do have any other questions in the future then please don't hesitate to ask. The team and I are here to help. 🙂
-Dave
0