Annoyed by passkeys
Is it me or were passkeys really implemented that badly? With PayPal I was able to log in smoothly with username/password and 2FA via 1Password. With passkey? Annoying popups and 2FA no longer works automatically. And there it is again, the constant, stupid switching back and forth between 1Password and another application. Why 2FA with passkey at all? Passkey is practically 2FA personified. What is this? Or am I too stupid?
I really deleted it from my PayPal account. Now it's working fine again.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Hi there @passwordnerd
You're right that some websites, like PayPal, have implemented passkeys in different ways from others. On mobile, 1Password can auto-copy a one-time password to the clipboard after it autofills a username and password for a website, but since using a passkey works differently, 1Password isn't informed that this has taken place, and so it can't auto-copy a one-time password in the same way.
As you've found, you may well be able to choose to turn two-factor authentication off for a website or app that uses passkeys (if they allow that), and this will definitely grease the wheels in getting you signed in – a bonus if it's an app you might use a lot, like PayPal.
I hope that answers your question fully, but please do let me know if I can be of any further help. :)
— Grey
0 -
Thanks for the feedback. That was helpful for me because now I know I'm not crazy. I'll keep an eye on that, and I'll try disabling 2FA. On the other hand: As long as it is also possible to log in via user/password, don't I create another vulnerability? Why does it all have to be so exhausting?
0 -
Thanks for the reply. Unlike passwords, you can’t create a weak passkey. Passkeys are generated by 1Password using a public-private key pair, which makes them strong and unique by default. Passkeys can’t be phished like a traditional password because the underlying private key never leaves 1Password – this also makes them resistant to social engineering scams.
Some websites will allow you to remove the username/password entirely but others require that you keep both options. Part of the reason why many services leave passwords as a fallback option is because, for their website and apps, passkeys may not be supported across all devices and platforms yet. Even if you can't remove your old password then you still get the benefit of increased protection from phishing every time that you use your passkey to sign into a website or app.
If you do keep your passwords alongside your passkeys for certain websites, make sure that all of your passwords are strong and unique: Use the password generator to change and strengthen your passwords
Let me know if you have any questions. 🙂
-Dave
0