Passkey / FIDO2 / WebAuthn

MrLaurensH
Community Member

I am quite confused rn. I was changing my Facebook credentials today, and I saw the option to add a security key as a 2-step verification method. Just out of curiosity I pressed that button, and to my surprise I was able to save the key (which 1Password called a "passkey") to my vault.

Did Facebook start supporting passkeys, or is 1Password simulating a physical key like a YubiKey? What is the difference between passkey implementations like Google/Microsoft and Facebook?


Comments

  • ag_tommy
    edited April 18

    @MrLaurensH

    I'm not seeing a mention of a passkey being supported by Facebook in the passkey directory. You may have accidentally saved the Security Key as a passkey type. In previous situations like this you'll likely be unable to use this to access the account.

    https://passkeys.directory/

    During the security key/passkey save process you'll want to select the security key icon provided you're attempting to save a security key.

  • MrLaurensH
    Community Member
    edited April 17

    @ag_tommy

    I am more looking for a technical explanation of the differences between passkeys and security keys. Some say they are exactly the same, while others say the opposite. For example, I want to save a 1Password security key to my Windows 11 PC as a 2FA option, which is currently not available, but why can I save a passkey from the https://www.passkeys.io/ demo on my same Windows 11 PC? This doesn't make any sense if they are using the same tech.

    me trying to store a 1password security key:

    me trying to store a https://www.passkeys.io/ passkey:

    If they both use the same tech (with just a different implementation), why can I save A but not B?

  • Dave_1P
    edited April 18

    @MrLaurensH

    Thanks for the reply. Both passkeys and hardware security keys are a type of Web Authentication (WebAuthn) credential. WebAuthn is a standard developed by the FIDO Alliance (of which 1Password is a member): FIDO2: Web Authentication (WebAuthn) - FIDO Alliance

    You can consider there to be two distinct classes of WebAuthn credential:

    1. Credentials for sign in, these are typically passkeys that you've saved in a credential manager like 1Password.
    2. Credentials for two-factor authentication, these are typically stored in a hardware security key like a YubiKey.

    I don't recommend that you use a passkey as the second factor for your 1Password account since you may not be able to use that passkey to authenticate your account in the app on all of your devices. Our documentation suggests that you use either a TOTP authenticator app or a hardware security key if you choose to enable two-factor authentication: Use your security key as a second factor for your 1Password account

    Regarding why Windows may prompt you to save a passkey in some places but not others, that would be a question for the Microsoft support team. If you're interested, you can also save your passkeys in 1Password itself using our browser extension: Save and sign in with passkeys in your browser

    I hope that helps.

    -Dave

  • MrLaurensH
    Community Member

    @Dave_1P
    Thx for your reply, isn't 1Password also working to implement passkeys as a passwordless sign-in method?

    "You can consider there to be two distinct classes of WebAuthn credential:

    1. Credentials for sign in, these are typically passkeys that you've saved in a credential manager like 1Password.

    2. Credentials for two-factor authentication, these are typically stored in a hardware security key like a YubiKey."

    But are these 2 on a technical level the same, with just a different implementation?

  • @MrLaurensH

    We are indeed working to implement passkey unlock for 1Password itself! The feature is currently in beta and only available for new accounts created through the beta, not existing accounts. You can find details here:

    "But are these 2 on a technical level the same, with just a different implementation?"

    They're very similar since they're both a type of WebAuthn credential, which is why you might see a prompt appear asking if you'd like to save a passkey when you're trying to add a physical security key.

    If you're looking to add second factor authentication to an existing 1Password account then I recommend that you either add a TOTP authenticator app or a physical security key.

    -Dave
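
Added example, not part of the thread and not 1Password's code: the two classes of WebAuthn credential described in the replies above, shown as the request options a site hands to the browser. It assumes the common mapping of passkey to discoverable credential and second-factor security key to non-discoverable credential; `example.com`, the user values and all function names are constructed.

```javascript
// Added illustration: rp/user values and function names are constructed.
// Options a site passes to navigator.credentials.create() for each class.
function registrationOptions(kind, challenge, userId) {
  const passkey = kind === "passkey";
  return {
    challenge,
    rp: { id: "example.com", name: "Example (constructed)" },
    user: { id: userId, name: "user@example.com", displayName: "User" },
    pubKeyCredParams: [{ type: "public-key", alg: -7 }], // ES256
    authenticatorSelection: {
      // Discoverable: the authenticator stores the account, so no username is needed.
      residentKey: passkey ? "required" : "discouraged",
      userVerification: passkey ? "required" : "discouraged",
    },
  };
}

// Options for navigator.credentials.get() at sign-in.
function signInOptions(kind, challenge, knownCredentialIds) {
  return {
    challenge,
    rpId: "example.com",
    // Passkey sign-in: empty list, the authenticator finds the account itself.
    // Second factor: the password step identified the user, so the site lists their IDs.
    allowCredentials: kind === "passkey" ? []
      : knownCredentialIds.map((id) => ({ type: "public-key", id })),
    userVerification: kind === "passkey" ? "required" : "discouraged",
  };
}

// Read a registration request the way a client would, applying WebAuthn defaults.
function classifyRegistration(opts) {
  const sel = opts.authenticatorSelection || {};
  // If residentKey is absent, the legacy requireResidentKey flag decides.
  const rk = sel.residentKey || (sel.requireResidentKey ? "required" : "discouraged");
  return {
    discoverable: rk === "required" ? "yes" : rk === "preferred" ? "if supported" : "no",
    attachment: sel.authenticatorAttachment || "any", // site may ask for "platform" or "cross-platform"
    userVerification: sel.userVerification || "preferred",
  };
}

// An empty allowCredentials list can only be satisfied by a discoverable credential.
function classifySignIn(opts) {
  return (opts.allowCredentials || []).length === 0
    ? "discoverable credential (passkey) sign-in"
    : "credential named by the site (second-factor style)";
}
```

Both requests create the same kind of public-key credential; only the `authenticatorSelection` and `allowCredentials` fields differ.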