Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Solved
How do I disable passkey support?
How do I disable all prompting or integration for passkeys in the 1password browser plugin for safari?
Hello ProratedMongoose! 👋
Thanks for reaching out! Is there a particular reason why you wanted to turn off passkey support for 1Password in Safari? Passkeys are the future of authentication and I would recommend upgrading to passkeys wherever possible: Save and sign in with passkeys in your browser
That being said, you can turn off passkey support by following these steps:
- Open your browser.
- Right-click on the 1Password icon in your browser's toolbar and click Settings.
- Click Autofill & save.
- Turn off "Offer to save and sign in with passkeys".
If you're an administrator for a 1Password Business membership then you can also turn off passkeys for your entire team using app usage policies.-Dave
1P_Dave
Moderator
ModeratorHello ProratedMongoose! 👋
Thanks for reaching out! Is there a particular reason why you wanted to turn off passkey support for 1Password in Safari? Passkeys are the future of authentication and I would recommend upgrading to passkeys wherever possible: Save and sign in with passkeys in your browser
That being said, you can turn off passkey support by following these steps:
- Open your browser.
- Right-click on the 1Password icon in your browser's toolbar and click Settings.
- Click Autofill & save.
- Turn off "Offer to save and sign in with passkeys".
If you're an administrator for a 1Password Business membership then you can also turn off passkeys for your entire team using app usage policies.
-Dave
A bit late to the party, but I'll be happy to answer why I'm not interested in passkeys.
In addition to just being clunky to use, no one has been able to satisfactorily explain how to recover them when *all* the trusted devices are lost or stolen.
Because if the fallback in those situations is to use email verification (which so far it looks like every site will use), then why bother with passkeys when the system can be forced into a very insecure access method (and that of course, assumes that the email account isn't also protected by a lost passkey). Login security is only as secure as the least secure fallback method.
The issue with 1P is that it prompts on every single page refresh on a site to create a passkey. if I've said no, then darn it, stop prompting me on that site. So my only other alternative is to disable it completely (which I've now happily done thanks to finding this thread).
Passkeys need more time in the oven. Fine for corporate internal use, where there's a helpdesk that can help recover account access (or be socially engineered to provide it, but that's another story). Completely different situation for consumer sites where you can never get a human being to assist.
- 1P_Dave
Thank you for sharing your perspective! If you use 1Password as your passkey authenticator app then you'll be able to sign into any website that you've saved a passkey for as long as you have access to 1Password on one of your devices. You can avoid losing access to 1Password by doing the following:
- Download and save your Emergency Kit
- Create and save a recovery code
- If using 1Password Families, add another family organizer
If you do lose access to a passkey then most websites will offer a backup method to regain access to your account however the exact method used will differ from website to website.Login security is only as secure as the least secure fallback method.
Not necessarily. Even if you have weaker sign-in methods available as an alternative, each time that you use a passkey to sign in you're benefitting from increased protection against phishing since a passkey will only ever work on the website that it was saved for.
The issue with 1P is that it prompts on every single page refresh on a site to create a passkey. if I've said no, then darn it, stop prompting me on that site.
That doesn't sound right. 1Password should only offer to save a passkey if a website tries to generate a passkey, the passkey prompt from 1Password only appears if it detects a webauthn request being made by a website. Are you able to post a screenshot of the prompt that you see? And the website that you see it on?
-Dave
Right, but the challenge is that 1Password and the browsers fight over controlling the passkeys (it's really bad actually), so it's never clear which one is generating and owning them (for my work machine, where I have to use them, some are in 1P, some are in browser, and some, somehow, are in both). And if it's in the browser, then that's tied to that specific device, and if it's lost, it's a bad day (especially if all your accounts - including email - are protected by passkeys).
The only real advantage, as you note, is against stolen passwords (e.g. fake site), but 1P already protects against that by it's domain validation feature. Since both passwords and passkeys fall back to email resets, in the end, all your account security boils down to how secure is your email password (and email service/server), which is often the one thing that people don't secure properly. And if that service is protected by a passkey, and then you lose the device, trying to get a person at google or microsoft to actually respond and help recover it is right up there with self-service brain surgery in terms of painful.
For the specific issue, Chewy.com on the autoship page, as I was navigating between my different autoship records, prompted to create a passkey on every single one. That was the final straw that got me to disable it across the board.
In the end, passkeys are something from the enterprise world that aren't ready for end-user computing. They focused on security architecture and design, rather than usability and completely missed the downside use cases.
- 1P_Dave
Thanks for the reply. I'll reply below:
Right, but the challenge is that 1Password and the browsers fight over controlling the passkeys (it's really bad actually),
Just like having multiple password managers enabled at the same time will produce conflicts when saving and filling passwords, the same thing can happen when using multiple passkey managers at the same time. I recommend that you turn off the built-in password manager using this guide: Turn off the built-in password manager in your browser
If you've done that already and still see conflicts then can you tell me which browser you're using?
And if it's in the browser, then that's tied to that specific device, and if it's lost, it's a bad day (especially if all your accounts - including email - are protected by passkeys).
When you save a passkey in 1Password, that passkey is encrypted and backed up to your 1Password account and available on all of your devices so that you retain access to it even if the original device is lost.
That being said, most built-in passkey managers also offer the ability to sync passkeys.
For the specific issue, Chewy.com on the autoship page, as I was navigating between my different autoship records, prompted to create a passkey on every single one.
I created a test account for chewy.com and navigated around a site a bit using Chrome but I didn't see any passkey prompts. If you're willing to troubleshoot this further, could you try to reproduce the issue again and create a screen recording of what you see? Once the screen recording is created please send an email to support@1Password.com and include your community username and a link to this thread.
After emailing in, you'll receive a reply from BitBot, our friendly robot assistant with a Support ID that looks something like [#ABC-12345-678]. Post that here, and I'll be able to locate your message and send you a secure upload link for your screen recording.
-Dave
