rallyn1password
2 years ago, Occasional Contributor
Why passkey login to 1Password?
I can't understand the reason to spend development dollars to enable passkey login to a 1Password account. I must be missing something here. I am a huge fan of passkeys and 1Password as the repositor...
Tertius
2 years ago, Valued Contributor
A major problem for me with the 1Password passkeys implementation is that the passkey isn't used for encrypting the unlocking keys, similar to how the secret key + account password is used.
Instead, it's just used to authenticate yourself against the 1Password servers for enrolling a new client, and even when you unlock 1Password. According to the security design paper, it's also possible to unlock 1Password offline, and in this case the OS biometric system is used. I'm using Windows, so Windows Hello is used to provide and validate my passkey.
According to the security design paper, a "credential bundle" is decrypted by the device key, and the keys required to decrypt the vault data become available.
However, where are the credential bundle and the device key stored in this case on my Windows PC? I see a possible attack surface on the credential bundle and the device key, because on Windows there isn't any protected storage except the TPM, and TPM usage isn't mentioned anywhere. So I'd like to see proof that it isn't possible to crack my local 1Password database if someone just copies my system disk and gets access to every single file on my computer.
As far as I read, the device key is the crucial part, and on Windows it isn't stored in secure storage, so anyone who has access to the hardware can obtain it.
And that's the difference between the passkey implementation and secret key + password: someone with access to the hardware only has access to the secret key. He still isn't able to decrypt the vault data, because he still doesn't have the account password, the second half of what is used to encrypt everything.
But with passkeys, you're only authenticating against some API, and this API can be circumvented - you just need to emulate it or provide your own implementation.
A major drawback of passkeys also is the complexity of the implementation. People simply don't understand how it works as a whole. But if you don't understand something, you don't trust it. The inner workings are obscure, a black box, and in stark contrast to the user experience. The user experience is that there is a popup, you click a button, and you're logged in (optionally with a short PIN). And I am supposed to trust that what went on behind the scenes in that moment is more secure than using user ID + password. And that's my acceptance problem. Is all this magic working behind the scenes actually secure? Isn't there any secret data drain to some spyware? Is the good user experience actually just the peak of good program design, or is it just a dummy, and behind the scenes some very primitive and not at all secure mechanism just says: "give him access"?
In the end, it's again a matter of trust. I have to trust people when they say: "our passkeys implementation is secure, and it is more secure than using passwords". With passwords, I can choose good passwords to control some kind of security level. But with passkeys, I have no control.
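The two storage models the post above contrasts (a vault key wrapped under a key derived from both a memorised password and a locally stored secret key, versus a credential bundle wrapped under a device key that itself sits on disk), as an added Python example that is not part of the original thread and is not 1Password's code. It is a simplified model: PBKDF2 for the password half, HKDF for the secret-key half, XORed together, and an HMAC-SHA256 encrypt-then-MAC wrap standing in for a real AEAD so that it runs on the standard library alone. All function names, the iteration count, the sample password, the sample secret key and the "disk contents" dictionaries are constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Illustrative model of "two secrets on separate media" versus "device key on disk".
# Not 1Password's implementation; every name and parameter here is an assumption.


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract + expand) with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_unlock_key(password: str, secret_key: str, salt: bytes,
                      iterations: int = 10_000) -> bytes:
    """Fold a memorised password and a locally stored secret key into one 256-bit key.
    The password half is stretched with PBKDF2 (slow to guess); the secret-key half
    goes through HKDF (already high-entropy). XOR makes both halves necessary: holding
    the secret key alone still leaves the attacker guessing the password."""
    pw_part = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, 32)
    sk_part = hkdf_sha256(secret_key.encode("utf-8"), salt, b"secret-key", 32)
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def _keystream(enc_key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a block cipher)."""
    stream, counter = b"", 0
    while len(stream) < length:
        stream += hmac.new(enc_key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return stream[:length]


def wrap(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Encrypt-then-MAC. Output layout: 16-byte nonce || ciphertext || 32-byte tag."""
    nonce = nonce if nonce is not None else os.urandom(16)
    enc_key = hkdf_sha256(key, nonce, b"enc")
    mac_key = hkdf_sha256(key, nonce, b"mac")
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the key is wrong or the blob was tampered with."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    mac_key = hkdf_sha256(key, nonce, b"mac")
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    enc_key = hkdf_sha256(key, nonce, b"enc")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, len(ct))))


VAULT_KEY = b"\x01" * 32                 # constructed stand-in for the vault data key
SECRET_KEY = "A3-EXAMPLE-SECRET-KEY"     # constructed sample, not a real secret key
PASSWORD = "correct horse battery"       # constructed sample account password


def disk_copy_attack() -> dict:
    """Model an attacker who copies the whole system disk but does not know the
    account password. Reports whether the vault key is recoverable under each model."""
    salt = os.urandom(16)

    # Model A: disk holds salt, secret key and the vault key wrapped under the
    # combined key. The password is not on disk, so the attacker has to guess it.
    on_disk_a = {"salt": salt, "secret_key": SECRET_KEY,
                 "wrapped": wrap(derive_unlock_key(PASSWORD, SECRET_KEY, salt), VAULT_KEY)}
    guess = derive_unlock_key("password123", on_disk_a["secret_key"], on_disk_a["salt"])
    recovered_a = unwrap(guess, on_disk_a["wrapped"])

    # Model B: the bundle is wrapped under a device key stored as a plain file,
    # so the disk copy already carries everything needed to unwrap it.
    device_key = os.urandom(32)
    on_disk_b = {"device_key": device_key, "bundle": wrap(device_key, VAULT_KEY)}
    recovered_b = unwrap(on_disk_b["device_key"], on_disk_b["bundle"])

    return {"two_secret_model_cracked": recovered_a == VAULT_KEY,
            "device_key_on_disk_cracked": recovered_b == VAULT_KEY}


if __name__ == "__main__":
    print(disk_copy_attack())
```

In model B the only thing standing between a disk image and the vault key is wherever the device key lives; if that is a file rather than a TPM-sealed or OS-protected secret, `unwrap` succeeds immediately. In model A the attacker still faces a PBKDF2-rate password search even with the secret key in hand, which is the property the post is asking to see demonstrated for the passkey path.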