Request to update 1Password & 2FA article with passkeys

r3r344r4
r3r344r4
Community Member
edited April 2 in Lounge

Hello,

I keep returning to this article https://blog.1password.com/1password-2fa-passwords-codes-together/ about storing 2FA codes with passwords and their impact on the security of accounts to refresh my understanding.

Could you please update this article to explain how passkeys fit into this security model and what the best practices are?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Hello @r3r344r4! 👋

    I can definitely pass your request along to the team but passkeys don't fit into the model that the article is talking about: passwords + two-factor authentication.

    Two-factor authentication was designed to add an additional layer of protection to passwords against phishing. Unlike passwords, you can’t create a weak passkey and so passkeys are already resistant to phishing since they can't be phished like a traditional password because the underlying private key never leaves 1Password.

    Passkeys can be considered to have the same level of security as a password plus two-factor authentication which means that you don't necessarily need to setup a second factor like you did with passwords. Does that clarify the situation? Let me know if you have any questions.

    -Dave

  • r3r344r4
    r3r344r4
    Community Member

    Thanks Dave - that's helpful. Just to clarify, are you saying that a passkey is effectively equivalent to 2SV (not 2FA)? That is, using a passkey would be similar in security to storing both my password and TOTP code in 1Password. Which means that maintaining a truly second factor (TOTP code on another unrelated device, or hardware key) would still offer meaningful additional security?

  • @r3r344r4

    There are some circumstances where two-factor authentication can continue to be helpful. I forgot to mention in my previous reply that the team has published a follow up article that touches upon passkeys and 2FA that goes through some of those circumstances: Passkeys vs. 2FA & TOTP: What Are the Differences?

    Let me know if you have any questions once you've taken a look. 🙂

    -Dave

  • r3r344r4
    r3r344r4
    Community Member

    Ah great, this is what I was looking for, thank you!

  • It's my pleasure! 🙂

    -Dave