I love Passkeys, and also believe that Passkeys will, eventually, eliminate my need for 1Password (which I like — but would like to not need!). macOS/iOS Passkeys automatically sync to all my devices, they’re not a text string, they just work.
So, imagine my surprise when I just went to create a Passkey for Nintendo, and found that 1Password blocked and hijacked the system Passkey prompt… in favor of their own.
Just a convenience? Or artificial lock-in to protect 1Password’s future? Hmm
@cabel This was handled really poorly by 1Password. The discovery is terrible and I think a user should have been prompted for such a radical change and no real indicator how to bypass it.
@cabel so frustrating! I had the same experience yesterday and had to disable 1Password in Safari. What seems like a hostile user experience change may not be a mistake.
@cabel I think this makes sense from the perspective of minimizing confusion. It might be unintuitive or surprising for people who use 1Password if their passkeys silently end up split-ecosystem in iCloud instead.
@cabel this is a super bad take. Apple added Passkeys support for third party apps so you can use your regular password manager. Passkeys are a replacement for passwords, NOT for 2FA. It’s literally no different than generating a password and storing it in 1Pass, except a passkey is virtually impossible to guess or brute force.
You still need to have your second factor away from your Mac. Your passwords are stored in 1Pass and so should your passkeys.
@tekeous@cabel passkeys are very different from passwords - they’re public/private key pairs, and the private key never leaves your computer. The other side could get their database posted online and it would not hurt you, in terms of security
@lkanies@cabel this isn’t different from properly hashed and salted passwords on the server side, and the private key does indeed leave your computer, whether that be by iCloud sync or 1Password sync.
It’s a bad take to accuse 1Password from taking over when they are doing their job of password and passkey storage. Passkeys are not a replacement for 2FA.
@tekeous@lkanies The system has been handling Passkeys for me for the last 8 months, when all of the sudden 1Password decided it would do it instead. It’s that sudden switch that caught me by surprise. I’d love to have been asked at least! (I feel like good password security is a fundamental right that shouldn’t have a monthly fee and I’m glad it’s being baked into the OS — also glad 1P can offer more features and still be a product.)
@cabel@tekeous agreed that a sudden change is a problem. And yeah, would love to have good versions of this built in. Doesn’t help that 1password seems to be working hard to lose us as customers
@cabel Disable the setting “Stop competing sign-in pop-ups in the browser”. This is expected and desired behavior if only using 1Password, and can be disabled if not. You can also disable passkeys altogether (without disabling passwords) if you don’t want to use them in 1Password. These two options are in the same settings section.
@cabel I see this as a feature not “lock-in”. I really don’t want the browser / OS prompt confusing things… If a day comes when I want to stop using 1Password I’ll remove the extensions and make the transition.
@cabel I remain uneasy about storing ALL my passwords/passkeys behind (effectively only) my device's pin code. With stories (like by WSJ's Joanna Stern) about people's phones being stolen after the criminals shoulder-surfed their pin codes. And then immediately changing the iCloud password. At which point they have FULL access to all the passwords/passkeys on the device, don't they (pls correct me if I'm wrong)? If they're in 1PW, at least it's protected by am entirely different password, right?
@cabel@chris I would offer to hold your hand, Cabel, but I feel like that would be a workplace no-no.
In all seriousness, the worst thing that happens during import is that some items aren’t imported (and we’ll tell you about them), due to a conflict. We’ve crafted it to never overwrite data — just add.
@cabel people have been griping about 1Password for 2 or 3 years now. But I feel people that routinely have to deal with one or two non-Apple platforms aren’t going to have a choice but keep it around. Others don’t like to adopt Apple standards.
@cabel The exact same thing happened to me when creating a Passkey for my Nintendo account. It’s the first time I’ve seen 1Password take over like that.
@cabel I was able to choose where the passkey was stored. When I enable both iCloud Keychain and 1Password in the password settings in my iPhone, I got this prompt when I went to create a passkey:
@ezwal Interestingly, that’s a dialog provided by iOS. Over here on the Mac side, the browser extension must be hijacking passkey creation?! I’m not sure I understand any of this haha
@cabel Ahh haven’t tried the browser extension yet with passkeys.
I tend to use 1P on my Mac with the quick access thingy anyway. I haven’t thought out my future path with all this passkey stuff - so far they are all in iCloud.
@cabel i specifically want 1password to take over Apple's half baked implementation. also I need access to my passkeys on windows and linux. 1password it is for me until Apple actually makes the password manager a standalone app AND support at least windows if not linux as well. Apple's lock-in is worse than 1password because 1pass at least have clients everywhere (android too!)
@radu Well I am 1000% with you on the fact that passwords need to be a standalone app!! (But did you know you CAN access Apple Passkeys on Windows? You just scan the QR code on your iPhone.)
@cabel I don’t want to have my phone with me everywhere so I can login into stuff… at that point it’s not a password manager, it’s a password wallet linked to my phone
@cabel When I do the same, I get prompted to choose iCloud Keychain or 1Password. No hijacking. So there must be some setting for this.
I was able to create two passkeys this way. One in each pw manager.
@cabel Good catch. Just tested on macOS where it behaves differently due to the 1P extension. It does hijack it, but I can click on the little hardware key symbol to trigger iCloud Keychain.
@cabel As a 1Password user that's looking forward to to passkeys, this is exactly the behavior I'd expect. If you're all in on 1Password for managing login details, it makes sense you'd continue doing that and would be confused to have Passkeys stored with Apple, but everything else stored with 1Password.
@clayton_oneill I see that — except I’ve been using the system dialog to do this for the last six months (because 1P didn’t have support for it) and suddenly that dialog is just… gone? Doesn’t that seem a LITTLE presumptuous as far as the user is concerned?
Add comment