1Password is doubling down on its bid for a passwordless future, as the password manager is now letting users unlock their accounts with a passkey instead of an account password and Secret Key.
Now in public beta, the new Passkey Unlock feature aims to make unlocking accounts completely passwordless – taking the legwork out of creating new passwords or trying to remember a complicated phrase.
When users join and create a new 1Password account, they can opt to use a passkey instead. This doesn’t require a 1Password account password or look after a Secret Key, just the passkey.
As for how it works, passkey relies on public-key cryptography, which uses a public key and a private key. When creating an account, users are given a private key that is never shared with 1Password, while the public key is stored on the password manager’s servers to verify logins. This is a secure way to defend against phishing attacks.
This way, even if hackers access these servers, they wouldn’t be able to access any user’s online accounts, as they would still require a private key that’s only available to the user.
In case there’s an emergency, 1Password also offers “recovery codes.” This safety net feature lets users access their accounts in case their devices are lost or stolen.
Passkeys have been pushing to become the industry standard for cybersecurity, with tech giants such as Google, Apple, and Microsoft, as well as other websites and apps, supporting the passwordless form of security. Now, 1Password is the first password manager to take the next step.
Currently, Passkey Unlock is only available to new users making individual accounts: “The ability to unlock 1Password with a passkey is currently for new accounts only. Next year, we’ll make this feature available to anyone with an existing 1Password account,” 1Password states.
How to unlock 1Password with a passkey
New 1Password users can join the Passkey Unlock public beta when making an account.
Here’s how to set one up:
- Download 1Password for your device.
- Use a mobile and desktop link to join the public beta.
- Start creating a new individual account.
- Follow the instructions to generate a passkey.
That’s it. Now, you won’t need a password to access your 1Password account.
What is a passkey?
Passkeys are a form of digital identity verification that uses biometric data or PIN to confirm the user’s identity. Instead of inputting a password or confirming through two-factor authentication (2FA), the user can access a device, app or website using a fingerprint, a face scan or a screen lock PIN.
As a push to support a passwordless future created by the FIDO Alliance and the World Wide Web Consortium, Google, Apple, and Microsoft are implementing this form of security onto their platforms as a secure alternative to passwords.
As Google states, a passkey uses a cryptographic private key stored on your devices. This private key stays on the device, or your operating system or an app similar to a password manager may sync it to other devices you own. These sync providers, like Google Password Manager or Apple’s iCloud Keychain, use end-to-end encryption to keep the passkey private. Each passkey can only be used for a single account.
Passkeys are starting to move past the beginning phase, but Google understands it will take time for users to move across from passwords. In the meantime, passwords and 2FA sign-ins still work for Google accounts and more.
Are passkeys better than passwords?
The short answer is yes (so far). According to 1Password, “passkeys are a more convenient and equally secure solution.”
Because of their ease of use and stronger protection, passkeys are better than passwords. While a strong password makes it hard for threat actors to access your online accounts, if they are known, then an account can be easily compromised. Using phishing attacks such as dodgy scam emails and websites or malware to steal personal information, hackers use all forms of cyberattacks to steal passwords. They can also be exposed in data breaches.
A passkey can only exist on a device. “When you use a passkey to sign in to your Google Account, it proves to Google that you have access to your device and can unlock it,” Google states. This means that hackers would need to have your device and biometric data or PIN to access your online accounts rather than accessing accounts from a different device from another location.
With passkeys still being implemented, it’s difficult to know how threat actors will abuse passkeys. That’s why it’s a good idea to have a backup security precaution regardless of your login process. Check out the best antivirus software to keep your devices safe.