Former Member
3 years ago
If I use a passkey aren't I making my login less secure?
I understand a lot of the benefits that passkeys offer such as domain spoofing etc but it seems to me that if I migrate to them that I am making things less secure.
If I currently log in to somesi...
OlivierP
3 years ago
Dedicated Contributor
Hi,
You are not missing anything.
This topic has been discussed with the saving of 2FA in 1P (search in the forum for a good read).
It is multiple things at the same time: usability, convenience vs. extra security.
In the end, it all depends on the risks you think you might face (with any solution).
In fact, it is the security of the device where 1P is installed which counts (1P itself is really good).
1P is offering a huge convenience in usage with the passkey but I agree it feels a little too easy.
When passkeys are safely stored in a system, they are not easily portable to another. 1P solves that and will extend it over time.
If you are the kind of person who uses a double-blind password (the pwd stored in 1P should be completed each time with your own salt), you might feel unsafe.
I would like to suggest that the devs add an option to validate the usage of a passkey (or even some items or 2FA stored in 1P) via another device, a fingerprint or something else.
This would be optional and per item eventually.
For now, nobody is forcing you to use passkeys. So, it is up to you to use passkeys in 1P or not.
Still, your accounts are all tied to your email or phone number. From a security perspective, access to it must be strictly secured (i.e. if preview is allowed for emails / SMS in your phone screen notifications, that might be enough to reset an account password).
With multiple devices, each one can be the weak point...