Password manager 1Password will let you protect your vault of passwords with a passkey starting this summer, embracing an authentication technology designed to be as easy to use as passwords but more secure.
Password managers are great when it comes to creating and remembering the dozens or hundreds of passwords we have in our lives, but that single password can be a point of weakness for a hacker trying to gain access to all your accounts.
“For passkeys to be the way forward, it’s not enough for them to replace some of your passwords,” Chief Product Officer Steve Won said in a blog post Thursday. “They have to be able to replace all passwords — including the one you use to unlock 1Password.”
Apple, Microsoft, Google developed passkeys with technology they helped create in an industry group called the FIDO (Fast Identity Online) Alliance. Passkeys use an approach related to that of hardware security keys, the strongest login technology around, but are designed to be easier to use when logging in to an app or service.
To use passkeys, you’ll need a possession of a device like a phone or PC registered with the app or service and a second authentication step it performs, most likely a biometric scan of your face or fingerprint. Passkeys advocates believe they’ll be as easy to use as passwords, but much safer.
Among their advantages: They block phishing attacks since they simply don’t work on counterfeit websites designed to fool you into sharing your login. And passkey login takes place on your phone or PC, which means there’s no password data a hacker can steal from a cloud service.
1Password has a second authentication protection called a secret key needed to access your password on a new device, but even so, you don’t want a hacker getting your 1Password master password. But passkeys are better, Won said, “a win-win for both security and usability.”
Apple added passkey support to iOS in 2022, and Google is adding it this year to Android after adding it to Chrome in 2022. Most of us are likely to establish, store and sync passkeys using Google or Apple password managers, though 1Password competitor Dashlane started beta-testing passkey support for logging into passkey-supporting sites and apps in November.
With 1Password’s approach, once you set up passkey authentication on one device, for example your phone, you can extend it to another trusted device using existing passkey QR code technology, 1Password said.
Among sites that support passkey login are eBay, PayPal, Okta, Docusign, Microsoft and Robinhood.