1Password has begun testing ways to access the app without a password, adding an option to use newer passkey technology instead. The change, which uses a quick biometric check to unlock and use your password vault, could help improve the widely used password manager’s security.
The software’s primary job is to create, store, sync and autofill passwords for apps and websites. Until now, its password storage vaults have been protected by another password (in combination with a secret key the first time you used 1Password on a new device). But now 1Password developer AgileBits has begun a private test that’ll let participants unlock their password vaults with a passkey instead.
The test works on iPhones, Macs and web browsers, but those accepted into the closed beta will have to set up a new account to try it. Android, Windows and Linux support will come later, as well as the ability to upgrade an existing account, the company said. 1Password aims to release the technology to everyone by the end of 2023.
Passkey unlock for 1Password is designed to be easier to use than passwords. By default, 1Password’s phone apps require you to retype your password every two weeks. But with a lower-hassle passkey authentication, you might be more inclined to keep your vaults locked, reducing risks from stolen devices.
“Unlocking 1Password with a passkey offers the best of both worlds: best-in-class security paired with maximum convenience,” AgileBits said in a blog post.
How passkeys work
Passkeys are a newer authentication technology designed to leave behind the shortcomings of password-based login. Apple, Google and Microsoft helped develop the technology to be as easy to use as passwords but much more secure. To use a passkey, you typically perform a face or fingerprint biometric authentication step on a device that stores the passkey. The combination of device possession and biometric check counts as strong two-factor authentication that’s more secure than a password alone or weaker two-factor authentication measures like login codes sent by text message.
In June, 1Password began testing the ability to store passkeys in its software and to sync passkeys across devices.
Password problems are abundant. Because they’re hard to remember, we tend to reuse them on lots of websites and services, multiplying the ability of a hacker who obtains a password. Password managers make it easier to create strong, unique passwords, but they can be complicated to use.
Passkeys aren’t without complications, though. For now, Apple can sync passkeys across Apple devices and its Safari browser, but Google syncs them across its own products. 1Password and another password manager adding passkey support, Dashlane, add extra management responsibilities.
You can set up separate passkeys to sign into the same site, though — for example logging into Gmail with your Android phone and with Safari on your Mac. Passkey proponents are working on passkey import and export tools to ease such hassles.
Passkeys use technology called public key cryptography that’s also used to secure countless online connections. Passkeys only work with the website or app they were set up with, blocking the use of fake websites to fool you into sharing your login credentials.
Google has enabled passkey login for its online services like Gmail, WorkSpace and YouTube, and its tests show passkey authentication is twice as fast as password login.
Apple, too, has embraced passkeys for signing onto iCloud and other Apple ID-based accounts with the upcoming iOS 17 and MacOS Sonoma.