ZDNet | Security

Goodbye passwords? 1Password says it will soon support passkeys

Password on a post it note stick to keyboard

Getty Images

Password manager 1Password is launching passkey functionality in 2023 and in the meantime has setup a demo for users to test the new passwordless experience.

Passkeys use the WebAuthn standard created by the FIDO Alliance and the World Wide Web Consortium, and they serve to replace passwords with cryptographic key pairs — a public key that can be shared and a private key that is not — that allow users to sign into accounts. 

Also: The 6 best password managers

WebAuthn is supported by Google Chrome, Apple Safari, and Microsoft Edge. WebAuthn passkeys also work with biometric systems like Apple’s Face ID and Microsoft’s Windows Hello feature. 

Once enabled, 1Password will join Apple, Google, and Microsoft, which have already made passkeys available to developers and users for their respective browsers and operating systems. PayPal last month added support for passkeys on iPhone, iPad and Mac for signing into PayPal.com. The devices need to be on iOS 16, iPadOS 16.1, or MacOS Ventura. PayPal passkeys sync with iCloud Keychain to make it easier to sign in.   

Passkeys are more resistant than passwords to phishing and comprised credentials by way of brute force attacks on passwords such as password spraying, and also bypasses the need for a two-factor authentication code

Also: Multi-factor authentication: How to enable 2FA to step up your security 

For now, 1Password users need to use Chrome or Chromium-based Edge to use the passkey demo, which uses a fake service called PassParcel to create a real WebAuthn credential that is saved to the user’s 1Password account. 1Password notes that it is adding support for Firefox and Safari “soon.”

1Password has also created a helpful passkeys directory displaying popular websites that support passkeys. 

As 1Password notes, the main advantages of passkeys are that they’re strong by default and they don’t need to be remembered since they’re stored on the device, while the private key isn’t shared with the website being signed into. Also, the public key can’t be used to guess the private key. 

READ MORE HERE