If I use a passkey aren't I making my login less secure?

Hi @richardwarriner, thanks for your question!

Passkeys can provide the same level of security as a password plus two-factor authentication, with a lot less friction as they are two factors of authentication built into one. Passkeys cannot be remotely phished, socially engineered, or leaked. Those are the threats that two-factor authentication was designed to protect against.

In testing, I've found that accounts have continued to support an MFA option in addition to passkey sign in. So, you can sign in with your passkey saved in 1Password then use MFA to complete the flow. If you prefer to use both, you can likely continue doing so for the foreseeable future.

While I anticipate migrating away from MFA where passkeys are available, I can personally think of a few situation where I might want to keep MFA. For example, when visiting, younger members of my family often play games on my personal computer. Perhaps not the textbook definition of a "malicious actor" but if I forget to lock 1Password, having that extra layer of protection for banking or similar websites would certainly be appreciated if someone gets curious.

Let us know if you have any questions or if there's anything we can help with!