[Feature request] Option to require biometrics for passkeys- currently security hole on Google
I have seen this sentiment in a few other posts, but wanted to make sure it is seen and considered. Passkeys are currently treated as having a built-in 2FA since most people will be storing their passkeys on device and following the rules of the big tech companies..
Just today I was looking at my Google search history and saw an option to require 2FA to view the history. The only 2FA option available was a passkey. They are viewing passkeys as proof that the person using the device is who they say they are.
Currently, the only way that my 1PW passkey can provide that proof is to fully lock 1Password at all times, which many of us find inconvenient and unnecessary as the vast majority of our logins do not require this level of proof.
I want 2FA authentication in this case because I think that the most likely people who would want to snoop on someone's search history are people who are generally close and trusted enough to leave my laptop open near. For a 1PW user that doesn't keep 1PW constantly locked, there is essentially no 2FA possible. And other companies have already followed Google's lead.
I think that this implementation would bring 1PW into the mainstream spirit of what passkeys are intended to be.
1Password Version: 8.10.40
Extension Version: 2.27.1
OS Version: macOS 14.6.1
Browser: Chrome