Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Private beta: Unlock 1Password with a passkey
Hello everyone! 👋 Today, I’m pleased to announce the private beta of unlocking 1Password with a passkey! This private beta is an important step as we move toward our goal of releasing this capability for everyone later in the year, and we’re extremely excited for you to test what we’ve been working on. Important call outs: You must create a new 1Password test account with a passkey using an iPhone or iPad. This should be treated as a test account, as it’s a temporary way to try an experimental feature. It’s free to set up and test for the duration of the beta period. It doesn't replace your existing 1Password account. You can add trusted devices to unlock 1Password with a passkey on iOS, macOS, and the web. Adding trusted devices is crucial to accessing your new 1Password account with a passkey on additional devices. How to get started: You should have received an email with instructions and links on how to access the private beta, but for a quick reminder – follow along here: Turn on iCloud Keychain on all of your devices and make sure you're signed in to the same iCloud account. Download TestFlight for iOS from the App Store, if you don’t already have it installed. Use the link provided in your email to join 1Password on TestFlight. Accept the 1Password invitation within the app. Visit our sign-up link provided via email to create and unlock a 1Password account with a passkey. What’s coming next? Here are the features and functionality that you’ll see in the public beta and general release of unlocking 1Password with a passkey later this year: The ability to create a new 1Password account with a passkey on other platforms – not just iOS and iPad OS. The ability to unlock 1Password with a passkey on Android, Windows, and Linux. The option to update your existing 1Password account, so it can be unlocked with a passkey. The ability to secure a 1Password account with both a passkey in addition to a traditional account password and Secret Key. The option to secure a 1Password account with multiple passkeys tied to different devices. Recovery codes that allow you to unlock 1Password in the event that you lose your passkey and other trusted devices. Our private beta is just the beginning so please keep in mind, this is an early access feature. Your feedback is crucial to helping us perfect the public version of using a passkey to access your 1Password accounts. Your questions, comments, and advice will help us shape the future of 1Password. You can also learn more about the private beta by reading our support article. On the forum, feel free to create threads anytime you have a question, concern, or just product feedback. You’ll find your fellow testers and 1Password product & engineer teams will join in. Thank you for all your support and feedback. Happy testing!
Passkey unlocked using device passcode
Hi, A silly question, maybe, regarding unlocking 1Password with a passkey. I was one of the private beta users and, while I found it very convenient, there is an aspect that worries me a lot. Probably it’s just me not understanding the details, that’s why I am asking here. In the blog post describing the introduction of passkeys to unlock 1Password (https://blog.1password.com/unlock-1password-individual-passkey-beta/) you can read: “Once you’ve created a passkey, you can unlock 1Password by using biometrics or, as a fallback, the passcode that protects your device. You can then use your first device to set up more trusted devices with 1Password.” Let’s imagine that someone has access to my iPhone and tries to get into 1Password. Biometric will not work, as his face is different from mine. With the current master password, he needs to guess a long and complex sequence of letters, numbers and special characters. Very difficult. With the passkey, he will only need to guess the passcode that protects my device. Much easier than my master password. Entropy level of the secret key of the passkey pair can be as high as possible, but if anyone can access it with the phone passcode (usually 6 digits, nobody will ever use a 26 characters random password as a phone passcode), can someone explain me how the passkey is as safe as the master password in a situation like the above? Thanks! 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not ProvidedReally like what's coming next!
I'm liking the list of features coming to passkey unlock. This helps settle some of the questions I had: The option to update your existing 1Password account, so it can be unlocked with a passkey. The ability to secure a 1Password account with both a passkey in addition to a traditional account password and Secret Key. The option to secure a 1Password account with multiple passkeys tied to different devices. Recovery codes that allow you to unlock 1Password in the event that you lose your passkey and other trusted devices. 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not ProvidedHardware Passkey n of m
Hey there, guys. Is there a way that you could have 2/3 hardware passkeys needed to decrypt an account? This would be amazing - because it would strike the perfect balance between resilience and security. The ability to use a hardware passkey to unlock a 1PW account is great. But it is a single factor. You could up that by using a Yubikey Bio - to combine both biometrics and ownership as factors. But both factors are still collapsed onto a single TPM. Ideally 2 keys at least. But then for added resilience, N of M would be great. Usecase E.G.: 2 of 3 officers are needed to unlock an account that stores crypto seed phrases / private keys for an exchange or any other extremely important secret. 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not Provided
Use of PRF extension
Hi, I've tried out the beta to unlock 1Password with a passkey, and it seems to work well, but I'm surprised that passkeys only serve the purpose of authentication. According to the white paper, the actual encryption key is stored on the already logged in clients, wrapped by a key provided by the server when the authentication succeeds. This is different from the way Bitwarden has released its passkey unlock beta. The encryption key is directly derived from the passkey using the FIDO2 PRF extension. This allows the use of security keys as passkeys. I know that 1Password does support physical tokens as passkeys too, but it is not of much use, since you need a trusted device to transfer the encryption key anyway, which means you can not rely on your key as a backup method. The absence of PRF also means that users can not take advantage of the passkey backup offered by Google Password Manager and iCloud Keychain. I think that the ability to set up PRF with supported authenticators would be a great addition to the system. It would allow a much more consistent experience and would probably prevent some account losses due to the recovery code not being saved (or access to the associated email being lost, e.g. because it was stored within 1Password). I know that not all platforms currently support PRF, but it is already quite widespread, as from what I have tried, at least Android, Chromium and YubiKeys do support it. Even users of unsupported browsers would benefit this feature since they could temporarily use a supported platform to regain access when needed. By the way, based on my test with Bitwarden, 1Password as an authenticator (for third-party websites) doesn't seem to support PRF. This would be a great addition too, because it's the most practical way to use zero-knowledge encryption with passkey login, so we can probably expect more and more websites to implement it. Thanks a lot for your work! Guillaume 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not Provided
Why passkey login to 1Password?
I can't understand the reason to spend development dollars to enable passkey login to 1Password account. I must be missing something here. I am a huge fan of passkeys and 1Password as the repository for all my passkeys, but logging into 1Password with a passkey makes no sense to me. My assumption is that to login to 1Password with a passkey, that passkey has to be stored on a device. For iOS/Mac that is iCloud keychain. For Windows, Linux, Android, or any other platform it will be stored somewhere else. Now the passkey, which is the gateway to my digital life, is stored in a whole bunch of places, with associated security or lack there of. If this assumption is correct, then 1Password seems to be passing off the security of the whole platform to other platforms which means it is out of their control, and inherently less secure. (iPhone passcode could give access to iCloud Keychain for example). One other question, if I loose all my devices, how do I get access to my 1Password account? No passkey or other logged in device available to validate. I go to 1password.com and ??? Help me understand why passkey login to 1Password is a benefit worth doing and using? Thanks! 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not Provided
Passkey unlock options
I see in your future plans that you will support unlocking 1password from multiple passkeys from different devices. This is great because, obviously, we all want some "backup" way to ensure access to our data. Will you also support hardware security keys, such as a Yubikey? I find the Yubikey to be too cumbersome for daily use. But it does make a very nice (and secure) last resort authentication method. It would certainly be a more secure "last resort" than using a passphrase. 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not Provided
1Password Passkey Unlock (Production Release)
I understand reasoning for not announcing specific dates. On the other hand, what about realistic long term timeframes (6,12,18, 24 months) 😏 ? Just wishing 🙂 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not Provided
After a Phone upgrade can't authorize my new device using Chrome.
Steps: I try to use passkey on my iPhone to unlock. get the screen asking to grant access. I follow the instructions logging in to 1Password to the same account in chrome. I get the pop up asking if I want to allow the new device, I click Allow. I get a code. I enter the code in my iPhone. The pop up on my Laptop goes away, but on the Phone I have a message: "That code didn't work. Check your trusted devices for a new one. I go to Pending Devices, click on View, get another pop up. Click on Allow. I get this message: "There is a problem with this enrollment. It will be deleted. Error: The enrollment is in an invalid state. Start the enrollment process again to continue. Session:REDACTED Time: 2024-10-07T22:18:20.867Z" 1Password Version: 8.10.46 Extension Version: Not Provided OS Version: ios 18.0.1 Browser: Not Provided
