Why passkey login to 1Password?

Hello rallyn1password, oUNderge, and 9elsen! 👋

Thank you for the great questions! I'll answer them below:

I can't understand the reason to spend development dollars to enable passkey login to 1Password account. I must be missing something here. I am a huge fan of passkeys and 1Password as the repository for all my passkeys, but logging into 1Password with a passkey makes no sense to me.

We want to make security simple and convenient. Passkeys are a great solution for the challenges we see some people face with the account password + Secret Key model.

If someone is less technically savvy, they might not understand that they need to have access to both their account password and Secret Key in order to sign into 1Password. Or they might forget where they've stored their Secret Key when they need it. Or they might have a good grasp on how things work when they sign up for 1Password but then run into trouble a year later when they get a new device, try to add 1Password to that device, and find themselves having to remember what terms like "Secret Key", "sign-in address" and "Emergency Kit" mean.

Even if you are technically savvy, the process to add your 1Password account to a new device can be complicated and require many steps. Passkeys make signing into your 1Password account easy, convenient, and secure and do away with the need to memorize an account password and look after a Secret Key: Unlock 1Password With a Passkey: Now in Beta

That being said, if you're happy with the existing account password + Secret Key model then you can stick with that, there's no need to change anything.

If this assumption is correct, then 1Password seems to be passing off the security of the whole platform to other platforms which means it is out of their control, and inherently less secure. (iPhone passcode could give access to iCloud Keychain for example).

If you sign up for the passkey unlock beta then I recommend storing the passkey for your 1Password account somewhere safe. iCloud Keychain is end-to-end encrypted which means that no one, not even Apple, can access your passkey.

Biometrics are used by iOS AutoFill to access your saved passkey in iCloud Keychain. If biometrics fail then your iPhone will indeed fallback to your device passcode which you can change to be more complex if needed: Use a passcode with your iPhone, iPad, or iPod touch - Apple Support (CA)

The iOS 17.3 beta also introduces Stolen Device Protection which will provide an additional layer of security preventing access to your saved credentials in iCloud Keychain if your device is stolen and someone has obtained your device passcode.

One other question, if I loose all my devices, how do I get access to my 1Password account? No passkey or other logged in device available to validate. I go to 1password.com and ???

Folks using the passkey unlock beta are able to generate a recovery code that can restore access to their account if they lose access to their passkey. They can save the code in a safe location, and use it if they need to recover access to their account after losing all other means of access. Access to the email address associated with a 1Password account will still be required for verification purposes.

Our support page includes instructions on how to generate and save your recovery code: Unlock 1Password with a passkey (beta)

I hope that helps! 🙂

-Dave