Is 1Password now storing non-discoverable credentials and calling them passkeys?
1Password just let me add a passkey from a site that in all other environments they only create non-discoverable credentials. How can this be?
1Password Version: Not Provided
Extension Version: 8.10.48.25
OS Version: Windows 10
Browser: Chrome
Comments
-
Hello @LearningCyber! 👋
Thanks for the question! 1Password only supports discoverable credentials, the credential is stored inside of your 1Password vault and can be found without the website knowing ahead of time who the user is. You can read more about the difference between discoverable and non-discoverable credentials here:
The underlying storage of the webauthn credential in 1Password is the same whether the credential is used for sign-in (a passkey) or a second factor (a security key). Discoverable webAuthn credentials, such as those stored in 1Password, are called passkeys.
-Dave
0 -
Thanks, I understand the difference between discoverable and non-discoverable credentials which is why I was confused when 1Password created a passkey at vanguard.com.
Since no other combination of authenticator/browser/OS I have found or heard of behave that way at vanguard.com. So why is this?
It is unfortunate that the non-transparent interaction between the RP/Client and Authenticator in the name of reducing complexity just creates confusion when different environments behave in different ways.
BYW it would be great news to many vanguard users if they were on their way to support passwordless sign-in using passkeys but since none of our FIDO2 security keys have discoverable credentials everybody would have to re-register them once again.
0
