Why You Can Trust CNET 1Password Tests Passkey Login to Unlock Your Password Vault
Passkeys are easier to use and more secure than passwords, tech's biggest companies say. They're trying to nudge us into the "passwordless" login era.
- Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Password vaults can be unlocked with Touch ID or Face ID and no password in a test version of 1Password.
1Password has begun testing a way to access the app without its namesake password, adding an option to use newer passkey technology instead. The change, which uses a quick biometric check to unlock and use your password vault, could help improve the widely used password manager's security.
The software's primary job is to create, store, sync and autofill passwords for all the apps and websites you use. Until now, its password storage vaults have been protected by its own password (in combination with a secret key the first time you used 1Password on a new device). But now 1Password developer AgileBits has begun a private test that'll let participants unlock their password vaults with a passkey instead.
The test works on iPhones, Macs and web browsers, but it's a private beta and testers will have to set up a new account to try it. Android, Windows and Linux support will come later, as well as the ability to upgrade an existing account, the company said. 1Password aims to release the technology to everyone by the end of 2023.
1Password is CNET's current pick for best premium password manager. See how it compares to the competition in our guide to the best password managers of 2023.
Passkey unlock for 1Password is designed to be easier to use than passwords. By default, 1Password's phone apps require you to retype your password every two weeks. But with a lower-hassle passkey authentication, you might be more inclined to keep your vaults locked, reducing risks from stolen devices.
"Unlocking 1Password with a passkey offers the best of both worlds: best-in-class security paired with maximum convenience," AgileBits said in a blog post.
Passkeys are a newer authentication technology designed to leave behind the shortcomings of password-based login. They are the top example of products developed for the "passwordless" era that tech companies are trying to gradually move us toward.
Interested in trying it out? "We recommend that folks sign up for our passwordless newsletter so they can be notified if and when seats in this private beta become available," the company said. If you're not a 1Password customer, you can also use passkeys on Android, iOS and web browsers with Apple and Google software that doesn't use 1Password at all.
How passkeys work
Apple, Google and Microsoft helped develop passkeys to be as easy to use as passwords but much more secure. To use a passkey, you typically perform a face or fingerprint biometric authentication step on a device that stores the passkey. If your biometrics don't work, you can use the fall back to the device unlock procedure and type in your device's passcode.
The combination of device possession and biometric check counts as strong two-factor authentication that's more secure than a password alone or weaker two-factor authentication measures like login codes sent by text message.
In June, 1Password began testing the ability to store passkeys in its software and to sync passkeys across devices.
Password problems are abundant. Because they're hard to remember, we tend to reuse them on lots of websites and services, multiplying the ability of a hacker who obtains a password. Password managers make it easier to create strong, unique passwords, but they can be complicated to use.
Passkeys aren't without complications, though. For now, Apple can sync passkeys across Apple devices and its Safari browser, but Google syncs them across its own products. 1Password and another password manager adding passkey support, Dashlane, add extra management responsibilities.
You can set up separate passkeys to sign into the same site, though -- for example logging into Gmail with your Android phone and with Safari on your Mac. Passkey proponents are working on passkey import and export tools to ease such hassles.
Passkeys use technology called public key cryptography that's also used to secure countless online connections. Passkeys only work with the website or app they were set up with, blocking the use of fake websites to fool you into sharing your login credentials.
Google has enabled passkey login for its online services like Gmail, WorkSpace and YouTube, and its tests show passkey authentication is twice as fast as password login.
Apple, too, has embraced passkeys for signing onto iCloud and other Apple ID-based accounts with the upcoming iOS 17 and MacOS Sonoma.