Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Solved
Revisiting minor details of Passkeys
I wanted to generate a few nuanced questions about Passkeys after having using them for a very long time in the context of 1Password.
- I noticed that certain web sites and apps will ask you to create new passkeys even though I have had passkeys for that site for a very long time. The list includes most of the large companies which have been using passkeys for a long time and were part of the early initiatives to roll out passkeys to the general population. Trying to determine any specific reasons for this (ie maybe signing on with a new device, new os Maint or release, new device hardware type like Windows laptop vs Mac laptop, iPhone , android, etc). Only one passkey is saved off in 1Password but curious on what drives the offer to generate a new passkey as it all appears to work seamlessly for the most part.
- Is the initial passkey generation dependent upon the hardware specific encryption/decryption chips available on the different devices? Also, after the initial generation of Passkeys is 1Password just merely storing the passkey in its database, thus allowing for the seamless use across multiple devices?
Thank in advance for your answers!
1P_Dave ,
The "Don't sign in automatically option" is the solution when using the 1password extension. The design of the website is the key as to when you need to set the option because the web page more or less dictates the way the 1password extension behaves as it sees the login form boxes and responds according to the presentation sequences in the order they are presented.
See my dialog and screenshots at the bottom of this discussion for more detail.
3 Replies
- 1P_Dave
Moderator
Hello rickapel! 👋
Thank you for the questions! In general, websites shouldn't prompt you to save a new passkey if you've already saved a passkey for that website. Are you able to post a screenshot of what you see when this happens? And can you share where you've seen this recently?
When a passkey is created, a public-private key pair is created. The public key is stored on the website's server and the private key is stored in your 1Password vault. That private key is protected using the same end-to-end encryption that protects your passwords and other items. This allows you to use the passkey on all of your devices.
-Dave
1P_Dave ,
The "Don't sign in automatically option" is the solution when using the 1password extension. The design of the website is the key as to when you need to set the option because the web page more or less dictates the way the 1password extension behaves as it sees the login form boxes and responds according to the presentation sequences in the order they are presented.
See my dialog and screenshots at the bottom of this discussion for more detail.
Dave,
I just logged in Amazon moments ago and it happened per screenshots below.
Now keep it mind that I still have a pw and OTP defined for Amazon. Since the login is on the 1st screen for all info, 1password drives the login automatically through using userid/pw and then goes to the OTP, then pops up the "Save Passkey" option. Please read my dialog associated with each screen shot I have pasted to see more details.
Before the login my 1pw login entry looks like this. note that I did not include the pw and OTP in the screen shot although it is there.
1PW quickly drives me through the login entering userid/ps (using Safari, 1pw extension, Tahoe 26.1) and then once again prompts me for OTP, then prompts me to save a passkey even though I have one already defined. It is optional to save a new one but it's as if Amazon does not realize I had the public key defined.
My Gut feel I that it might behave differently if I set the "Don't sign in automatically option".
I do know for a fact on 1 screen logins where they advertise the ability to use the current passkey to log in( via a pop up dialog box) , I HAVE TO shut down the auto login ( if they also have the input box for the userid and pw displayed in addition to the passkey dialog box )in order to even get the chance to use the passkey.
I automatically shut down down the auto pw on those logins, but suspect I need to do it for Amazon(even though it is a 2 screen login) as I suspect that in their login logic they are automatically offering up a passkey if the login is driven through using the standard way (which 1pw is doing with the auto login option set) and then just blindly offering up a new passkey.
