Passkey implementation and usage

@ag_audrey Hi there, the thread above kind of explains this. With respect to the problem that I was having initially, i.e. the passkey (created by Windows) for DocuSign not sync'ing with my phone (or unable to use the same passkey when using the phone), based on the discussion with Julia, we kind of "soft" concluded that this may have something to do with Android 13.

After I upgraded to Android 14, I was half expecting for things to work properly (yes magically somehow), but the issue remains the same. Perhaps, 1Password needs to be updated to take advantage of whatever Android 14 provides, but this was the reason for my confusion.

Hey lodaka, happy to hear you've upgraded to Android 14! Would you be able to share the aspect that was confusing?

Thought I'd provide an update on this topic now that my phone got an upgrade for Android 14 last night. Nothing changed with respect to the passkey implementation issues -- but more confused in a way.

rickapel Thank you so much for the kind words! Your feedback truly brightens my day. 🌞

julia_v_1P Love the play on words with your community id! You are truly a VIP with the comprehensive answers you provided today.

Hi lodaka

Haha, you caught me! Yes, I've been quite active today. It's always a pleasure to engage with our community and address any questions or concerns. If you have any further inquiries or need assistance, don't hesitate to ask. I'm here to help! 😊

julia_v_1P You must be on forum duty this morning... Your avatar is plastered all over this forum. :)

Hello lodaka,

I'm grateful for your comprehensive feedback and the valuable insights you've provided. Let me dive into your points.

Firstly, regarding your experiment with DocuSign, each website has its own implementation and understanding of FIDO2 and WebAuthn standards. While we strive for a seamless experience, the interaction between 1Password and third-party services, like DocuSign, might not always be straightforward, especially during these early stages of broad passkey adoption. Your feedback in real-world scenarios like this is immensely helpful as we continue to fine-tune our processes.

About Android 13: You're right, and I apologize for any inconvenience this may have caused. As technology evolves, so do the layers of interoperability between systems, apps, and services. We're eagerly awaiting the enhancements coming with Android 14, and we believe they'll significantly improve the passkey experience for 1Password users on Android.

Your enthusiasm for passkeys is infectious and aligns with our vision for a more secure and user-friendly internet. We're always working on educational content, and your suggestion of specific tutorial videos is spot on. Demonstrating the real-world application of passkeys across various platforms and services will indeed be beneficial for our user community.

Lastly, your dedication to promoting good security habits among your circle is commendable. We genuinely appreciate the trust you place in 1Password and your commitment to ensuring a safer online environment for those around you. It's interactions like this that keep us inspired and constantly striving to better our offerings.

julia_v_1P Thanks for some insight. This is very helpful in understanding what probably went wrong in my attempt. The website that I was experimenting on was the DocuSign website, in case this sheds some light.

At least at this point, I don't plan to expand my experiment beyond DocuSign, until I can be sure that I can work with DocuSign first and then see where we go from there.

Your note on Android 14... was very surprising. Yes, I am on Android 13, which probably explains the above issue, although I am still not clear on exactly how a website like DocuSign can determine what passkey I have. However, like most things in life, I suppose I don't need to know how it works as long as... it works. If syncing on 1Password can work seamlessly in the background across multiple devices somehow, there is nothing I want more.

I see some great comments / experiences by others in this thread. I think we are all on the same boat. We are all very security conscious and have been greatly intrigued by the development of passkey. We all want to be as secure as possible on this wild wild west aka the Interwebs. I try and protect the security of the people around my life by "half-forcing" them to use 1Password and teach them about cybersecurity, and most of them begrudgingly go with it, but rely on me to "help" them if things somehow don't work.

I am excited about passkey and have been waiting for 1Password to implement it (beyond beta that is) and was very excited to try and test it out. This tutorial video idea sounds like something that could be helpful, in understanding how passkey works and its limitations as well. I think I've seen enough videos about the passkey concept, but it would be great to see some videos like: "Here is how you set up a passkey on Google on multiple devices" or something similar. Thank you and the other posters. I knew there would be bumps on this road, but it's great to share some of these experiences.

Hello Community Members,

Thank you for your insightful discussions regarding the passkey function in 1Password. Let's address the queries:

For lodaka:

1. When you enable passkey for a website, it's advisable to keep the original password/MFA entries until you're certain the Passkey works seamlessly across all devices and situations. Once confident, you can consider removing the old credentials.

2. Regarding the "Your device is not registered" message: Passkeys can be of two types: single-device credentials and multi-device credentials.

Single-device credentials, like a YubiKey, are specific to one device. They can only be validated on the device where they were initiated. This means if you set up a passkey of this type on one device, other devices won't recognize it.

On the other hand, many in the industry, such as Apple and 1Password, are moving towards multi-device credentials. These passkeys can be synced across different devices. So, even if you establish a passkey on one device, it can be recognized and utilized on another.

However, it's important to note that if you're using an Android phone, passkey functionality is not yet supported. Google is actively developing Android 14, which will introduce APIs allowing password managers like 1Password to create and utilize passkeys within Chrome and other supported apps. Once these APIs become available, 1Password is poised to offer support, enabling more seamless passkey use across Android 14 devices.

To rickapel:

1. Yes, the implementation of passkeys might slightly differ depending on the website's infrastructure and security protocols.
2. Ideally, a passkey should be device-independent. The message lodaka received could be from an additional security layer added by the website.
3. Sharing passkeys within 1Password's family plan functions similarly to sharing any other data type. If you share a link or vault with another 1Password user, they should gain access.
4. At this stage, you cannot import or export passkeys. We’re working closely with platform vendors and other password managers through the FIDO Alliance to create a secure way to import and export passkeys. We believe it’s your choice where to store and use your passkeys. Hopefully we’ll have more to share soon.

For GolferWHH:
Creating a step-by-step tutorial for setting up passkeys across various devices sounds invaluable. Ensuring users transition smoothly to new security measures is a priority. At the moment we have this support guide to help you get started with passkeys: Save and sign in with passkeys in your browser

For wlclev42:
Absolutely agreed. Transitioning from traditional passwords to passkeys is a significant shift, and understanding this new procedure is paramount. We're on it.

In essence, we're evolving alongside advancements in the security realm, ensuring 1Password remains a reliable guardian of your digital life. Your feedback propels us forward, and we thank you for your patience and insights.