Passkeys and change of email address for existing account (possible bug or design flaw?)

Hi

Thanks for this. It is good to shed some light on what is happening behind the scenes.

I accept it is likely something at Adobe's end. But as someone closer to the workings of passkeys than most - are you able to answer:

1. How should a passkey work in the event of a change of email address?
2. Should a passkey be dependent on the email address? or should it be dependent on some other more static item like a unique login ID?

The scenario I encountered is certainly like to occur a lot as passkeys roll out more widely, its the sort of testing that is easily missed as well

I guess I have a reasonable idea of how passkeys are working in principle but there are elements of the detail (higher level detail - not the eye watering one) that I am missing, and I am sure many others too.

Thanks

Hey mike48397289!

While experimenting with passkeys I setup a passkey on my adobe account. It worked with 1password for setup and login. I then noticed it was an old email address so I changed the email address. I was no longer able to use the passkey to sign in and had to use the password. I then deleted the passkey created a new one with the new email address and it started to work.

Before I refreshed the passkey I tried changing the email address in 1password between old and new and it didnt work - I had to create a new passkey after the change of email. It is as though changing the email address invalidated the passkey held in 1password.

This is interesting. To see where the issue was coming from, I saved a passkey for Adobe in my https://support.google.com/chrome/answer/13168025, updated the email address for my Adobe account, and tried signing in with my existing passkey. I was unable to sign in.

Since this is happening with passkeys saved in both Chrome and 1Password, then I believe the root of the issue is from the Adobe side of things. It's likely that Adobe uses your email address to generate your private key (see https://blog.1password.com/passkeys-faqs/ for more info), which is one component of your passkey. If you update your email address, your private key is probably not being regenerated. Removing and adding a new passkey seems like the only way to do it.

I did look at https://helpx.adobe.com/manage-account/using/passwordless-sign-in-adobe.html but I don't see any info about how updating an email address would affect your passkey. For that reason, my suggestion is to reach out to Adobe's support team for clarification. You can let them know that after updating your email address, your passkey can no longer be used to sign in and that this behavior was observed with passkeys saved in different places (Chrome, 1Password).

Let us know how Adobe responds. I'd be interested to learn more about what is happening on their end. In the meantime, if you have any other questions for us here at 1Password, please let us know.