When using a passkey with 1Password, it does not prompt for Face ID verification
The issue I want to inquire about is as described in the title. Here’s the situation:
When I use 1Password to fill in a password, whether in a browser or an app, it always prompts me for verification because I’ve set it to require authentication every time (immediately). However, when I log into an app using a passkey with 1Password, I noticed that it doesn’t prompt me for Face ID at all. Instead, it directly bypasses the verification—yes, it just passes through without asking for anything.
Initially, I thought it might be an issue related to caching in the app I was trying to log into. But after redownloading the app, 1Password still doesn’t prompt for Face ID. Even after reinstalling 1Password, the issue persists. Currently, the apps where I use passkeys for login and have noticed this issue include OneDrive, Uber, Adobe, and NordVPN. Essentially, this behavior occurs with all the apps where I use passkeys.
The iPad version of 1Password also seems to exhibit the same behavior. To reiterate, when using passwords, everything works fine—1Password prompts me for authentication. However, with passkeys, it bypasses verification entirely and logs in directly.
I hope this is a minor issue that does not compromise security. I would appreciate it if someone could provide an explanation. I find it very strange that it bypasses verification entirely, even when I have set the security option to require authentication every time. Thank you!
Additional information: On the iPhone, the behavior is that after restarting the device, 1Password will properly prompt me to use Face ID to authenticate the passkey the first time I use it. However, from the second time onward, it no longer prompts for Face ID.
Additional information 2: When I use the passkey stored in Apple’s built-in Passwords app for authentication, it always prompts me to use Face ID. Therefore, from a security perspective, 1Password should also require Face ID authentication every time I use a passkey. Once again, I want to emphasize that I have set the "Lock on Exit" option to "Immediately."
1Password Version: 8.10.56
Extension Version: Not Provided
OS Version: iOS 18.2
Browser: Not Provided
Comments
Hello @Joe20! 👋
Thank you for the report! Our team is aware of an issue on iOS where, after one successful biometric unlock, subsequent attempts to log in using passkeys wouldn't require another biometric unlock until the AutoFill extension restarts (for example, if Safari was closed and then re-opened).
A fix had already been coded and our development team is currently testing that fix internally. We hope to release the fix to the beta and then the production version of 1Password for iOS as soon as possible.
Let me know if you have any questions.
-Dave
ref: dev/core/core#34781