Why do sites that I’ve enabled passkey on still hold my asterisked password?
Ok, I’ve set up passkey on a couple of sites, Adobe and Google. Both show registered passkeys. I get the little 1Password dialogue asking me to sign in and it all seems to work ok…however on looking at my account details on these sites, although it shows a passkey is registered for each it also shows and asterisks in a field next to ‘password’ Maybe I don’t understand this fully, but I though the whole idea of passkeys was to use a PKI model where the traditional (legacy) password was no longer stored anywhere in the site you’re logging in to, hence there would be no credential to hack or steal?only a public key which would be useless to anyone.
My assumption is that these passwords shouldn’t exist or be required one on that site you’ve moved to passkey on that site. Can some one explain how passkeys increase your security IF the website still has a record of your password?
Regards,
DBS.
1Password Version: 8.10.18
Extension Version: 2.15.1
OS Version: Ios 17.0.3
Browser: Safari
Comments
-
Hello @deltabravosierra! 👋
Thanks for the question! Passkeys are still very early days and different websites have decided on different implementations. Some websites will allow you to completely replace your password with a passkey and then forget your password, most websites currently seem to allow you to add a passkey as an alternative sign in method but still keep the password option.
Since not all devices support passkeys you might need your password to sign in to your account on those devices.
Let me know if you have any other questions. 🙂
-Dave
0 -
Ok, that’s fair enough.
Thanks for the reply.
0 -
I'm happy to help. 🙂
-Dave
0
