1Password: Passkey support is coming in June
1Password revealed plans this week to launch passkeys support in June 2023. The announcement was published on the same day that Dashlane, another password service, announced support for passwordless sign-ins as well.
Starting in June 2023, 1Password customers may switch to using passkeys for authentication. New customers may also create passkeys directly during sign-up, making them the first users who never set an account password at the service.
1Password is a member of the FIDO Alliance, which plans to establish the passkeys standard across the industry. Google, Microsoft and Apple are also members of the group, which almost guarantees success, as the three are dominating operating systems and also browsers.
Google enabled support for securing Google accounts with passkeys this week, which should give the new system's popularity a significant boost.
1Password published a sneak peek video in which it demonstrates the core functionality.
Passkeys are created on the user's device and public bits are shared with the service they are created for. Once set up, users may sign-in to these services using their device PIN or biometric authentication. A password is no longer required at any step of the sign-in process.
One of the main security advantages of passkeys is that common attacks, including phishing and brute-force attacks against passwords, are no longer a threat.
There are downsides. When a user loses access to a device, e.g. through theft, damages or other means, then it may become difficult to restore access to accounts, especially if it was the last device of the user with passkeys set up. Recovery keys are supported, but users need access to these.
All services that roll out passwordless sign-in support continue their support of traditional password-based authentication methods. These are not going away any time soon.
1Password announced in January 2023 that it planned to become the first password manager without requiring passwords. It did not manage that, as some password management services, such as NordPass, added support for passkeys already to their products.
The company has received criticism lately regarding a change to a subscription system and the retiring of classic browser extensions, which were the last option for users to use local password vaults.
In closing, most password management service will introduce support for passkeys in the near future. This is true especially for online password management solutions, but local solutions may also introduce support at one time.
Now You: do you use passkeys already? Does your password manager support them?
There are so many questions around this, in particular around the risk of being locked out of your accounts; would it be possible to get a deep dive on ghacks?
What if I set up a passkey on my home computer, travel to another location and don’t have access to the home computer?
What if I set up the passkey on my mobile phone and it gets stolen (or the battery runs flat): how do I access my accounts?
What if the passkey is on my mobile phone and I travel abroad without a data plan for a foreign country: am I locked down until I find WiFi somewhere?
etc etc