tvandinter
3 years ago · Occasional Contributor
Passkey as security key doesn't work on Vanguard
This is probably more a Vanguard problem than a 1Password problem but it's unclear to me and a search here didn't bring up an earlier post.
TL;DR: using 1PW passkey as a security key on Vanguard (...
tvandinter
3 years ago · Occasional Contributor
Hi @Joy_1P, yes, Vanguard is security key 2FA and not passkey.
"using a passkey in that capacity will not work"
Hrm. Since the OP I have upgraded OS (Mac OS 12.6.7), 1PW (81008042), and 1PW extension (21200201) and it seems like some behavior has changed?
Every site I use that uses security key 2FA will register a 1PW passkey as a security key.
Since you brought up Chrome passkeys, only some sites will trigger Chrome passkey for registration as security key. (Vanguard does not trigger Chrome for passkey.)
I swear that in 21200003 when I set up a 1PW passkey as 2FA on the various sites, I went ahead and tested that I was able to authenticate 2FA. Maybe I stopped testing after the first couple since I would have found the Vanguard behavior at that point.
With 21200201 I can still authenticate 2FA to Dropbox and GitHub using 1PW passkey. Ditto for Chrome passkeys.
Vanguard brings up 1PW but it fails as in OP.
All other sites now do not trigger 1PW for 2FA authentication.
I can still add the passkey as 2FA on all sites.
I'm not sure what to say here. If the expectation is that a 1PW passkey (or passkeys in general) are not supposed to work as security key 2FA, then 1PW (and Chrome, etc.) really should not respond to the security key registration on sites. I don't know enough about the protocol to know if this is possible, though Chrome seems to respond to 2FA registrations at fewer sites than 1PW so this must be possible to some degree. At least put some all-capitals text explaining this when 1PW asks which login to put the passkey in so we can see it and hit cancel.
Unfortunately the more I test sites w/ 1PW and Chrome the less consistent I find the behavior to the point where I've given up.
fwiw, I can't find much on the Vanguard site regarding what their requirements are. "Be sure to choose a key that is FIDO2 certified." They also include Android and iOS devices.
also fwiw, on all these sites (which support >1 security key) I have my Pixel 7 Pro registered for 2FA which works fine. Android seems to have rebranded their security key support as passkey, so that pops up when using it, just to muddle the situation.
also also fwiw, eBay seems to support passkeys not by name but as "Face/fingerprint/PIN sign in" which then still does SMS 2FA, and then they separately have "Security key sign in" which is super confusing. BestBuy supports passkeys by name but also does TOTP when logging in. 🤯