Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Passkey algorithm support
Recently I began a passkey integration and I'm using 1password to test things out. There are a great deal of passkey algorithms that exist: https://www.iana.org/assignments/cose/cose.xhtml#algorithm...
1P_Dave
Moderator
ModeratorHello passkeyin​! 👋
Thanks for the question! I want to start by clarifying that ES256 has not been deprecated for passkey use due to weaknesses. The WebAuthn spec continues to include ES256 (alg: -7) as a valid option in pubKeyCredParams:
The following COSEAlgorithmIdentifier values are NOT RECOMMENDED in pubKeyCredParams: -9 (ESP256); use -7 (ES256) instead or in addition.
The ‘deprecated’ label in the IANA registry refers only to the numeric identifier, not the reliability or security of the algorithm, which remains strong and is widely supported by both websites and authenticator apps. Crucially, if you'd like your passkey implementation to also work with security keys shipped before 2025 or with Windows 10, not just authenticator apps like 1Password, you'll need to include support for ES256 (-7). New identifiers for algorithms like ESP256 (-9) are being proposed here:: draft-ietf-jose-fully-specified-algorithms
At the moment, 1Password supports ES256 for passkey use. I'll forward your request that other algorithms be supported to our team so that they can look into this for the future.
-Dave
#39581
