Confusion about passkeys
Comments
-
I can appreciate and agree with the comments and observations by @brettn . I struggle with the same types of issues on understanding how to best use the passkey feature of 1Password.
I looked at the instruction page referenced by @Dave_1P and I don't really feel I am any closer to feeling comfortable enough to embark on changing my password management approach to embrace passkeys (currently, I have opted out of 1Password offering to store passkeys due to this feeling).
One thing I struggle with is the fact that 1Password seems to collide with other software on the same device competing to save/use the passkey (either Apple keychain -- or Apple's new Password Manager or Windows Security). The above screenshot provided by @brettn looks like some of this competition in action and it ends up making things confusing for the end user.
The cross-platform and cross-device nature of 1Password is the primary reason why I am such a strong proponent of 1Password. It took me a while to figure out how to best use the "One Time Password" (OTP) 2FA feature of 1Password and I love it. Before embracing the OTP feature, I was using a variety of code generator authenticators (Microsoft Authenticator, Google Authenticator, Entrust, etc.) but they were only available on my mobile devices (e.g. iPhone & iPad), so if I was working on my Windows PC and didn't have access to my mobile device, I was screwed.
The ubiquity of 1Password is its biggest strength. My computing world consists of multiple iPhones, iPads, Mac Books, Mac Minis, Microsoft Windows and Linux devices. Not all of these devices have biometrics or facial recognition. So, for example, if I am creating a new account on my Mac Mini and it asks me to create a passkey, I don't have a fingerprint sensor or facial recognition for it to use to create a passkey. Under these circumstances, I have learned that creating a passkey requires the password used to login to the Mac Mini (in lieu of the typical biometrics).
Based on my understanding of the explanations in this thread, this generated passkey is just like any other generated password. Therefore, it doesn't matter where the passkey was generated. It can be generated from any of your devices and the fact that you are saving it in 1Password gives you this cross-platform access to the passkey (because you know how to login to 1Password on different devices).
I suspect that I will eventually become more comfortable with passkeys over time; however, I am still struggling with understanding the 'flow' of creating and using them given the implementation inconsistencies across websites and 'smart' browsers trying to inject their preferred method of saving/accessing these keys.
0 -
Thank you for the reply. You wrote:
One thing I struggle with is the fact that 1Password seems to collide with other software on the same device competing to save/use the passkey (either Apple keychain -- or Apple's new Password Manager or Windows Security). The above screenshot provided by @brettn looks like some of this competition in action and it ends up making things confusing for the end user.
Have you run into this issue yourself? If you have then have you turned off the built-in password manager on that device: Turn off the built-in password manager in your browser
If you have and you still saw the passkey prompt from the operating system/browser and not 1Password then can you tell me which operating system and which browser you were using when you saw the prompt? Do you have a screenshot of the prompt?
-Dave
0 -
@Dave_1P -
My comments were more about commiserating with the original post and expressing my thoughts about the general confusion rather than reporting a specific problem.
As I indicated, I have many different devices. Each device has multiple browsers (yes...I sometimes choose Safari over Chrome or Chrome over Edge or vice versa, etc.). THEN, in the case of Chrome, I have multiple different profiles whose 1Password extension has to be configured individually (for example, I have up to 13 different Google profiles I can use - see below) ... per device.
Getting my 1Password extension configurations consistent in all of these places is difficult...so migrating to using passkeys is challenging (especially if you are unsure and less confident about how the flow works).
0 -
Thanks for the clarification. To save and sign in with passkeys you need to install 1Password in the browser in each of those profiles. But that's the same thing that you would need to do to save and fill passwords, you don't need to do anything special in terms of configuration for passkeys in the browser.
Once 1Password in the browser is installed in a Chrome profile, you can start using passkeys in that profile: Save and sign in with passkeys in your browser
-Dave
0
