eastvillain
New Contributor
1 year ago

[Feature request] Option to require biometrics for passkeys - currently security hole on Google

I have seen this sentiment in a few other posts, but wanted to make sure it is seen and considered. Passkeys are currently treated as having a built-in 2FA since most people will be storing their passkeys on device and following the rules of the big tech companies.

Just today I was looking at my Google search history and saw an option to require 2FA to view the history. The only 2FA option available was a passkey. They are viewing passkeys as proof that the person using the device is who they say they are.

Currently, the only way that my 1PW passkey can provide that proof is to fully lock 1Password at all times, which many of us find inconvenient and unnecessary as the vast majority of our logins do not require this level of proof.

I want 2FA authentication in this case because I think that the most likely people who would want to snoop on someone's search history are people who are generally close and trusted enough to leave my laptop open near. For a 1PW user that doesn't keep 1PW constantly locked, there is essentially no 2FA possible. And other companies have already followed Google's lead.

I think that this implementation would bring 1PW into the mainstream spirit of what passkeys are intended to be.


1Password Version: 8.10.40
Extension Version: 2.27.1
OS Version: macOS 14.6.1
Browser: Chrome

4 Replies

  • moamick
    New Contributor

    1P_Dave​ Thanks, Dave! I think we understand how 1Password works... Just hoping for a slightly more rigorous security standard w/ Passkeys--whereby biometric (or at least a 1Password unlock) is required every time a Passkey is selected for use. 

  • Hello eastvillain​ and moamick​! 👋

    I'm sorry for the delay in replying to this thread. 1Password is a universal credential manager that enables you to sign in to websites and apps using any credentials: password, passkey, supported providers like Google or Apple, and more.

    In all cases, your credentials in 1Password, including a passkey's private key, live inside your encrypted 1Password vault. You can only access them after proving your identity to 1Password. When you unlock 1Password (via Face ID, Touch ID, biometric, account password, or device passcode), that unlock event serves as the authentication gate and user verification. 

    There is no second biometric prompt because you've already proven who you are by unlocking 1Password. You can adjust when, and how often, 1Password locks; see "Manage your unlock and auto-lock settings in 1Password".

    That said, I’ll share your feedback with the team so they can consider it as we continue improving and refining our passkey support.

    -Dave
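
As an added example (not part of the thread, and not 1Password's or Google's code): what a relying party can check about user verification when a passkey is used. It goes one step beyond the posts above, to the authenticator data defined by the WebAuthn specification; the function names, the `example.com` relying party ID and the sample bytes are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Bits of the flags byte in WebAuthn authenticator data.
FLAG_UP = 0x01  # user present: someone interacted with the authenticator
FLAG_UV = 0x04  # user verified: the authenticator reports it verified the user


def parse_authenticator_data(raw: bytes) -> dict:
    """Split the fixed 37-byte header: rpIdHash (32) | flags (1) | signCount (4)."""
    if len(raw) < 37:
        raise ValueError("authenticator data must be at least 37 bytes")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", raw[:37])
    return {
        "rp_id_hash": rp_id_hash,
        "user_present": bool(flags & FLAG_UP),
        "user_verified": bool(flags & FLAG_UV),
        "sign_count": sign_count,
    }


def allow_sensitive_action(raw: bytes, rp_id: str) -> tuple[bool, str]:
    """Relying-party policy for a step-up check that requires user verification.

    Assumes the assertion signature over this data was already verified.
    """
    data = parse_authenticator_data(raw)
    expected = hashlib.sha256(rp_id.encode()).digest()
    if not hmac.compare_digest(data["rp_id_hash"], expected):
        return False, "rpIdHash does not match this relying party"
    if not data["user_present"]:
        return False, "UP flag not set"
    if not data["user_verified"]:
        return False, "UV flag not set"
    # UV is one bit: nothing here says how or how long ago the user was verified.
    return True, "UP and UV set"


def build_sample(rp_id: str, flags: int, sign_count: int = 0) -> bytes:
    """Constructed authenticator data for the demo; not captured from a device."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)


if __name__ == "__main__":
    for flags in (FLAG_UP | FLAG_UV, FLAG_UP):
        print(hex(flags), allow_sensitive_action(build_sample("example.com", flags), "example.com"))
```

The relying party only ever receives the UV bit, so the timing and method of verification are decided on the authenticator side.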

     

  • moamick
    New Contributor

    1Password_Community​ laureng_1password​ 1P_Phil​ 

    We're currently restricting the use of Passkeys for our employees because there is such a blatant security gap. The point of a Passkey is to verify the individual accessing the service/login. By not requiring a biometric each time a Passkey is used, it opens up bad actors that have ported into a computer to be able to utilize Passkeys if the user is logged into 1Password.

  • moamick
    New Contributor

    1P_Community​ 1Password_Community​ 1P_Tommy​ 

    Are there any plans to implement this? As a business owner and 1Password Teams manager, I'd much prefer the use of biometrics every time use of a Passkey is attempted. We're currently having to tell employees not to save Passkeys in 1Password because of the blatant lack of security.