PayPal and Passkeys

ausernie

I am able to successfully generate a Passkey on the PayPal site and it is being stored in 1P. However, whenever I try to sign in using the Passkey, 1P pops up, I select the option to sign in with the passkey however, it is never successful. I have to revert to password & 2FA (using Authenticator App).

I have deleted the Passkey and regenerated several times, all to no avail.

Any suggestions as to what is going on please?

---

1Password Version: 8.10.32
Extension Version: 2.22.1
OS Version: macOS Sonoma 14.4.1
Browser: Safari

bspachman

+1 from me. I've generated passkeys for as many sites as I can find, and they often work seamlessly (as advertised). PayPal exhibits the behavior you documented, both on the main site, and when triggered as part of an online merchant process.

brad

EvonG1P

Hello @ausernie, @bspachman! Thank you for writing in.

I'm sorry to hear about the problem you're bumping into with 1Password passkeys on the PayPal website. I've done some testing on PayPal's website using a passkey but haven't been able to recreate the same behaviour on two different browsers.

What happens to the passkey pop-up after clicking the "Sign in" button? Which device and browser did you use to create the PayPal passkey? Is there an error message?

I look forward to hearing back from both of you! 🙂

-Evon

bspachman

I tried to attach a screen recording of 2 attempts made this afternoon, but mp4 filetypes don't seem to be allowed. You can see the attempts [here]

[link removed by moderator]

Attempt 1:

• Switch to Safari
• Unlock 1P ahead of time using Apple Watch
• Navigate to PayPal, click 'log in'
• Both the 1P passkey prompt AND a system prompt show up.
• Can't click the 1P prompt until the system prompt is dismissed
• After dismissing the system prompt, the 1P prompt is ignored.

Attempt 2 (immediately following Attempt 1):

• Re-navigate to PayPal, click 'log in'
• 1P prompt appears, but clicking on it results in an error about invalid credentials on the PayPal login screen.

I do not recall how the passkey for PayPal was generated, but it was most likely done from macOS Safari.

brad

ShoxJeanz

I think PayPal only does it for passkey on mobile site or mobile app.

EvonG1P

Hello @bspachman, thanks for getting back to me. Since this is a public forum, I removed the link to the video because it contained your email address.

May I ask if Safari's passkey manager is turned off?

1. Open Safari. Click "Safari" in the macOS menu bar and select "Settings".
2. In the AutoFill tab, ensure all four options are unchecked.
3. In the Passwords tab, click "Password Options" and ensure "AutoFill Passwords and Passkeys" is turned off.

Additionally, can you remove and recreate the passkey on PayPal's website using 1Password for Safari on macOS? After that, test signing into PayPal's website using the passkey.

Let me know how that goes.

---

@ShoxJeanz, PayPal recently updated their website; we can create a passkey using Safari or Chrome on macOS. I've asked the team to update the https://passkeys.directory/details/pay-pal/ website to reflect the update.

I hope that helps.

-Evon

bspachman

@EvonG1P

Thanks for the link edit--I was aware that I had left my email address un-redacted. Just relying on 1P password generation strength :-) As long as you had a chance to view the screen capture...

Your questions:

• Safari auto-fill settings are mostly set as you define (I leave "auto-fill my contacts" turned on)
• Auto-fill passwords & passkeys is (and was) turned off.

Regenerated passkey:

• Opened 1P and went to edit mode. Deleted existing passkey for PayPal.
• Logged in to PayPal (used my OTP from 1P as usual)
• Navigated to the PayPal passkey settings--oddly, there were none visible.
• Generated new passkey, 1P asked to update the appropriate PayPal record.
• Huzzah?
• Turns out that I had forgotten to save my changes in the 1P application when I deleted the original passkey, so I was still in edit mode. The new passkey did NOT actually save into 1P--probably because edit mode was active?
• 2nd time was the charm--re-regenerated the PayPal passkey and it saved properly in 1P.
• Login with passkey now works (though PayPal still asks for OTP, but I would guess that's on their end, and I don't want PayPal to trust the browser).

So some guesses...

• Perhaps @ausernie has the same problem that I did, and has a passkey in 1P, but NOT actually on the PayPal site.
• Unexpected behavior with the browser extension trying to update a 1P record while that same record was open and being 'edited' in the 1P application.

Thanks for prodding me to double-check the PayPal side of things!

Best,
Brad

ausernie

Hello @EvonG1P, sorry to have taken so long to respond.

Steps taken are:

1) Create passkey on PayPal site using 1P
2) Open std window, navigate to PayPal and click Login
3) 1P pops up dialogue box to select Passkey
4) 1P submits Passkey however, PayPal responds with Insert Your Passkey" dialogue
5) Retry using Safari Private Windows
6) Same result.

Dave_1P

@bspachman

I'm happy that everything is working now. 🙂

@ausernie

Thanks for those screenshots. Judging from those images, that's what I would expect to see if you had setup a security key for two-factor authentication for your PayPal account. Can you check the following:

1. Login to your PayPal account using your password.
2. Click on the gear wheel at the top of the screen and then click Security.
3. Click 2-step verification.

Do you see a security key registered here? If you do then remove it and try to login using your passkey again. Note, the steps to reach the security key settings on PayPal might differ a little for you since I'm using the Canadian site.

-Dave

ausernie

Hello @Dave_1P, you are indeed correct. I had created a passkey stored on my YubiKey.

I have subsequently deleted it so that only the passkey stored in 1Password now exists. I was able to successfully authenticate using the Passkey however, I was then prompted for an authentication code (also generated by 1P). :-)

Successfully turned that off and now, I'm finally able to login to PayPal in Safari, using a passkey stored in 1P!

Have logged off and on a couple of times now and it seems to be working fine in Safari.

Attempted to login to PayPal using Google Chrome (in both std and InCognito modes) and initially had some issues. Scrubbed cached history and that seemed to do the trick. Am now able to also login successfully via Chrome using a passkey stored in 1P.

Now, if only Firefox (my preferred browser) was supported!

Dave_1P

@ausernie

I'm glad that you were able to get things working in both Safari and Chrome. 🙂

Now, if only Firefox (my preferred browser) was supported!

Just to clarify: is there something about PayPal that doesn't support Firefox? You can find 1Password for Firefox here: 1Password: Password Manager – Get this Extension for 🦊 Firefox (en-US)

-Dave

ausernie

@Dave_1P, I was referring to the fact that I am unable to use passkeys when using Firefox. I've been using the 1P extension for years with no issues.

Whilst I have you, I am somewhat concerned that I've had to remove MFA from my PayPal account in order to use passkeys seamlessly.

That's great if I am able to login with my passkey stored in 1P, e.g., when using Safari. However, I don't see any way to completely remove my password from my PayPal account so that the only way I can authn is using a passkey and only a passkey.

Doesn't that introduce a scenario where my PayPal account could be compromised?

BTW, due to these concerns I have reinstated MFA and now have to provide MFA as well as passkey.

To my way of thinking, it sort of defeats one of the primary reasons for moving to passkeys.

I've attached a screenshot of the PayPal prompt I encounter when using Firefox. There's no option to authn using passkeys so I end up using my password. :-(