youngr321
4 months ago, New Contributor
Disable 2FA after creating passkey?
Looking for some feedback regarding the use of Passkeys.
If you create and store a passkey for a particular web site where you previously used ID, password, and 2FA, you may still get prompted for 2FA even after providing the passkey. You could get around this by disabling the 2FA for your account on that site, but is that really a great idea? Your password still exists on the site, you just are not using it to log in any longer now that you have a passkey. But an adversary can still attempt to use your ID/password to log in, and if you have 2FA disabled he would not be required to MFA if your password is known to him. Sounds like a bad idea, right, or am I missing something here?
Now about using the passkey in 1Password. Once you save the passkey, should you disable Sign In Automatically so that 1Password doesn't attempt to use the password instead of the Passkey?
Thanks.
1 Reply
- CorgiBike, Occasional Contributor
To your 2FA question, I'm curious about this. I observed that with Docusign. I had a password and passkey, but Watchtower still prompts to create 2FA, so I'm guessing best practice is to keep the 2FA. Or it's a bug.
To your second question, that's up to you. No one has access to my laptop and my vaults are set to auto lock quickly and require biometric authentication, so I choose the convenience of autofill.