Signing back into the Community for the first time? You'll need to reset your password to access your account.  Find out more.

Forum Discussion

mike48397289's avatar
mike48397289
Occasional Contributor
11 months ago

Storing of Passkeys with PRF in 1Password - not currently possible

Currently I can store passkeys fine in 1password and the system is gradually improving overtime

However when using 1password to store passkey for unlocking a bitwarden account I see that 1password does not support PRF encryption for a passkey held in the 1password vault. If I use a yubikey I can get full PRF encryption support leading to a complete passwordless experience with encryption

  1. Is 1password going to support the storing of PRF compatible passkeys in the 1password vaults? This would be useful for many future services, not just bitwarden.

The motivation for the above is driven by a desire to keep using 1password but a limitation of the new 1password passkey approach that currently isnt truly passwordless as per latest beta. It simply displaces the password to a combination of your email credentials and recovery code. As such I need a true passwordless vault to store my recovery code and email credentials, not ideal but necessary till 1password commits to a true passwordless approach.

  1. Is there any committment for 1password to support true passwordless unlock that does not displace passwords to another service? I presume this would use PRF

Thanks


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

  • Hello mike48397289! 👋

    Thank you for the feedback on our passkey unlock beta! We’ve built our own solution for handling encryption when using a passkey since emerging standards like PRF and largeBlob are not yet widely supported. Our trusted device solution allows you to securely use passkeys to sign in to your 1Password account on any platform that you use without having to fallback to an account password for unsupported platforms.

    That being said, the future of passkeys is bright and the team is keeping an eye on how the WebAuthn standard, including extensions such as PRF, continues to develop and evolve.

    However when using 1password to store passkey for unlocking a bitwarden account I see that 1password does not support PRF encryption for a passkey held in the 1password vault. If I use a yubikey I can get full PRF encryption support leading to a complete passwordless experience with encryption

    I'll pass this along to the team so that they can look into enchancing support for passkeys that use the PRF extension in the future. Aside from Bitwarden are there any other services that you use that take advantage of PRF?

    I look forward to hearing from you.

    -Dave

    ref: PB-38891392

  • mike48397289's avatar
    mike48397289
    Occasional Contributor

    Thank you Dave

    The main problem with your solution in beta is that it isnt truly passwordless as it simply displaces it elsewhere.

    Currently this is early days as you know. I am very sure many services will eventually move to PRF as passkeys become more common. It is an ideal solution for likes or Proton, Dropbox, Mega, not to mention 1Password...just to name some....

  • mike48397289's avatar
    mike48397289
    Occasional Contributor

    Hi 1P_Dave

    I have just seen the following post. I was very happy to see it. I have just tested it on Bitwarden site and:

    *the passkey saved does not seem to support encryption according to bitwarden
    *1password does not indicate anywhere what sort of passkey has been saved, so I have no way to see what 1password thinks happened (This would be an fantastic feature)

    https://blog.1password.com/encrypt-data-saved-passkeys/

    Thank you