What is the advantage of a Passkey over a password?

Hello @gsetser! 👋

Thank you for the question! Passkeys are a modern alternative to passwords – they enable people to log in to their online accounts without having to enter a password.

Unlike passwords, you can’t create a weak passkey. Passkeys are generated by 1Password using a public-private key pair, which makes them strong and unique by default. Passkeys can't be phished like traditional passwords because the underlying private key never leaves 1Password – this also makes them resistant to social engineering scams.

Do I need an additional device to use them.

Nope! Passkeys are safely stored in 1Password itself and they're protected using the same encryption and security as your passwords today.

You can read more about passkeys on our blog:

• What are Passkeys?
• Passkeys: Frequently Asked Questions (FAQs)
• Save and Sign In with Passkeys Using 1Password on the Web and iOS

Let me know if you have any other questions. 🙂

-Dave

@gsetser

Thank you for the reply, I'm happy to answer your questions.

1. If I have a Passkey for a site, can I still use my old password to access that same site?
2. Is it possible to have both a Passkey and a Password for a given site? (I understand that this would defeat the security advantage of a Passkey. I'm just asking.)

For the moment, many websites don't offer the ability to fully remove your password after adding a passkey so you'll be able to sign in using either your passkey or your password in most places. Continue to make sure that all of your passwords are strong and unique: Use the password generator to change and strengthen your passwords

If you're using websites that do fully replace the password with a passkey then you won't need the old password anymore.

3. My laptop is new but my current iPhone cannot be used with iOS17. If I use a Passkey on a given site, does this mean I can ONLY get into that site from my laptop, since I cannot use Passkey on my phone?

Saving and signing in using passkeys with 1Password on an iPhone or iPad requires iOS 17 or later. If you're using an older version of iOS where passkeys aren't available then apps should provide fallback sign in options like a password or magic link (a one-time sign in link sent to your email address).

4. Right now, I can log into a password-protected site from a hotel computer then print a boarding pass from that computer. Is such a thing even possible with a Passkey? I obviously wouldn't want to risk accessing 1Password from a public computer. How would I manage that process using a Passkey with my current phone? With a iOS17-capable phone?

Be careful about signing into websites on public computers, some might contain malware that will monitor what you do on the website or try to steal your credentials. If you're certain that a certain public computer is safe to use then you can sign in with a passkey using an iPhone running iOS 17 or later. This is what the general process looks like:

1. Open the browser on the computer.
2. Find the website's sign in page and choose to sign in using a passkey.
3. The website will display a QR code.
4. Use the Camera app on your iPhone to scan the QR code. A prompt from the 1Password app will appear on your iPhone asking you if you want to sign into the website on that computer.

Once you tap on the prompt from 1Password on your iPhone, you'll be signed into the website on the computer. This also helps you to avoid typing in passwords on public computers. Make sure that you log out from the public computer when you're done.

5. If I set up a Passkey through my Apple iPhone with a specific site, then later want to use that Passkey through 1Password, can I share that Passkey from Apple with 1Password? Or do I need an entirely different Passkey in 1Password to access that particular site?

You'll need to save a new passkey in 1Password and remove the old passkey from iCloud Keychain.

At this stage, you cannot import or export passkeys. We’re working closely with platform vendors and other password managers through the FIDO Alliance to create a secure way to import and export passkeys. We believe it’s your choice where to store and use your passkeys. Hopefully we’ll have more to share soon.

I hope that helps. 🙂

-Dave

@gsetser

I'm happy to help, let me know know if you have any other questions in the future. 🙂

-Dave