Q - What exactly happens when we unlock an already trusted app with a passkey?

Question

I was wondering.

When we unlock an installed app, let's say 1Password on the browser on ChromeOS, we have to log in again with a passkey.

I suppose this is necessary to get again the key to the vault itself, be it from our system or from your system.

(I will call this key the master key, forgive me if it is wrong.)

The question is: when unlocking the 1Password app with a passkey, is there (a) new a handshake with the server for security purposes, so it is not necessary to store an obfuscated master key on the system, or (b) the passkey handshake is done locally, just "unmasking" the master key stored on the device?

Thank you.

1Password Version: Not Provided
Extension Version: 2.18.1
OS Version: ChromeOS  119.0.6045.212
Browser: Chrome

1p_dave · Answer

Hello lengotengo! 👋

Thank you for the questions! Our Security Design white paper goes into detail about how passkey unlock works both during the initial authentication process and for subsequent unlocking of the 1Password app. Please see Unlock with a passkey or single sign-on on pages 42 to 48 and Device keys used with passkey and single sign-on unlock on pages 80 to 81:

1Password Security Design

Let me know if you have any questions after giving that a look. 🙂

-Dave

Forum Discussion

Q - What exactly happens when we unlock an already trusted app with a passkey?

1 Reply

Recent Discussions

Password update

Performance issues with 1Password for Mac 8.10.78 (desktop app)

1Password Popup won't Open up

Side Scroll Bar Overlapped by other UI Element

[rbcroyalbank.com] Unable to fill login credentials