Forum Discussion
Why does the Chrome keyboard shortcut keep reverting/resetting to its original value?
ModeratorI'm sorry that you're both still running into the issue. It's not entirely clear why keyboard shortcuts are being reset for certain users but our development team believes that this is a Chrome issue since we see reports online for users of other extensions as well.
Since we still haven't reproduced the behaviour on our end, can you tell me the following:
- How often do your shortcuts reset? Every day? Every week? Every month?
- Do your shortcuts reset after an update to the 1Password extension? Or after an update to Chrome itself?
- Do you use any other extensions that allow you to configure shortcuts and do those reset as well?
I look forward to hearing from you.
-Dave
#21691
Hi Dave,
Thanks for the quick response. Apologies: I have seven different Chrome profiles, used for various purposes (work & personal), so it is close to impossible to track why and how frequently shortcuts reset. What I know is that the issue is present in all of them, and every time I open the extension's settings for any reason, the shortcut is consistently back (I just checked three profiles; Command+shift+X was active in all of them.
MacOS: 15.5
Chrome version: Version 137.0.7151.120 (Official Build) (arm64)
1Password extension: 1Password Nightly – Password Manager 8.11.2.14
During these early days of inconsistent implementations of passkeys on both client and server sides, these are all legitimate questions, none of which I plan to answer directly.
If we only consider 1Password on the client side and passkeys handled as a first and only identification and authentication method on the server side - as some good sites and services do - then the entire process of logging in is clicking the button on the modal to log in. That - by any standard - is easy and the technical details of the process make it categorically more "secure" than all the other methods.
If you want a picture of the future, imagine a boot... I mean this process, but without all the passwords and second factors.Then your session cookie gets stolen by the automatically updated browser extension which went rogue.
- 1P_SimonH
Community Manager
Hi snoringelephant,
Can you confirm for everyone reading this that you are not a 1Password employee and we didn't pay you to write this so we could start ranting about passkeys? 😄
We have this great FAQ about passkeys that answers some of your questions, though it's a couple years old and 1Password has more robust passkey capabilities these days. I also want to call out this helpful comment on the 1Password subreddit from a user giving a great overview of passkeys and their advantages.
To add my own two cents:
From the sites that I've seen offering passkeys, you're right that they're still almost always offering a username/password option to authenticate, which reduces the benefits. If we get to the stage where passkeys are the only option, though, we'll see some significant advantages:- No more having to change passwords because of a data breach.
- Today's social engineering and phishing attacks to get passwords won't be a threat.
I appreciate your kind words about how 1Password makes it easy to log in even with long, complex passwords and we try and make that as easy as possible. We know passwords will be around for a long time, but there's a lot of excitement about what passkeys offer for security.
Hello 1P_SimonH ... Thank you so much for your response (and AJCxZ0 ). I took a few days off, so I am just getting back to replying to this thread -- although I did see, read and appreciate the replies when they were first written.
Yes, I can confirm I am not a 1Password employee and I am not a paid actor 🕶️
Both articles were helpful and corrected my misunderstanding about the authentication flow (specifically that passkeys are authenticated at the client and, therefore, are not subject to a 'man-in-the-middle' attack during the authentication flow).
Both articles, however, claim that passkeys never leave the device which is not exactly true. "Passkey Managers" (like 1Password) save and sync the passkey (generated on Device 'A') using their own central storage and synchronization methods for the purposes of being able to use the passkey during the authentication flow on Device 'B'.
I'm not saying storing & syncing passkeys is a bad thing. I think it is fundamental in a world where people own so many different devices. This is where statements like "The private key is stored securely on your device" throw me off. When using passkey managers like 1Password, I would expect the passkey to ONLY be stored in 1Password. Storing the passkey on the actual device it was generated on isn't required and, arguably, should NOT exist on the device.
I would be curious to know if 1Password leaves the passkey as some type of 'breadcrumb' on the original device that generated it or not. Do you know, 1P_SimonH ? (or am I supposed to be asking ChatGPT these days 🤦♂️ ).
As always, thanks for sharing your human thoughts.
