Forum Discussion
prime
3 years ago
Dedicated Contributor
Passkey and unlocking 1Password with it (biometrics) in iPhones
In this blog post, it shows how we can log into 1Password without a password, and using our biometrics/device. Correct me if I am wrong... So the Passkey for my 1Password account is tied to my iPhon...
1P_Dave
Moderator
3 years ago
Hello prime! 👋
I'm sorry for missing your post and I'm happy to respond to some of your concerns.
Folks will soon be able to unlock their 1Password account with a passkey instead of a Secret Key and account password – this removes the need to remember a strong and unique password. Customers can add trusted devices to sign in to their account using the same passkey. As with account passwords, inside 1Password isn’t a good place to keep the passkey for 1Password. Instead, we’ll rely on solutions – such as iCloud Keychain – provided by platform vendors, to sync and sign in to 1Password itself with passkeys.
We're bringing forward this innovation as a way to better protect your data. Unlike passwords, you can’t create a weak passkey. Passkeys are generated by your device using a public-private key pair, which makes them strong and unique by default. Passkeys can’t be phished like a traditional password – this makes them resistant to social engineering scams.
The attack that you mentioned would require that a malicious actor has access to both your physical device as well as that device's passcode. To help guard against such an attack I recommend that you:
- Use Face ID or Touch ID to unlock your device when in public so that eavesdroppers can't spy on you entering your device passcode.
- Set a strong passcode. You don't need to use a simple PIN but can choose a strong custom alphanumeric code: Set a passcode on iPhone - Apple Support (CA)
When passkey unlock is introduced for 1Password accounts, it will be an option and not the only way to use 1Password. If your personal threat model requires that you stick with an account password and Secret Key to unlock 1Password then you'll be able to do so.
I hope that helps! 🙂
-Dave
[edit: Spelling and grammar]