
On June 6, 1Password will take a big step away from passwords by allowing customers to save and sign into online accounts with passkeys via the 1Password browser extension. The extension puts 1Password instances in the log-in fields, which enables customers to use vault-linked biometrics to sign into accounts.

In July 2023, the company will go further, releasing a beta that lets users sign into their 1Password vaults with a public/private encrypted passkey.

Tipping point for passkeys with acceptance by tech giants and e-commerce platforms

The evolution of identity management away from methods requiring memory, lists and, yes, password managers, got help last month from Apple and Google, which have paved the way with multi-device passkey sign-in capabilities. According to the industry standards group the FIDO Alliance, companies including PayPal, Yahoo! Japan, CVS Health and Shopify are providing their customers with passkey sign-ins.

“Our mission is to help people safeguard their digital identities and by doubling down on passkeys, we’re providing users with both greater security and ease of use,” said Steve Won, the chief product officer of 1Password, in a statement. “Passkeys have reached a tipping point and people are beginning to navigate a hybrid state of authentication methods.”

According to 1Password, with the new system:

  • Passkeys are synced across devices and all platforms, and 1Password automatically remembers which websites and apps users have signed in with passkeys.
  • Passkeys can be shared securely with other 1Password users by simply adding them to a shared vault or providing access to anyone via item sharing.
  • An alert on 1Password’s Watchtower notification interface informs users when the apps and services they use start supporting passkeys so they can upgrade their logins (Figure A).

Figure A

1Password’s login will accept passkeys instead of passwords.
Image: 1Password

Research: Customers ready, willing, and able to switch to passkeys

According to research by 1Password, when consumers were shown an example of passkeys, 75% said they’d consider using them. Sixty-five percent of respondents to the April 2023 survey on which the study is based said they are open to technologies that make life simpler, and 75% stated they would consider using passkeys. Nineteen percent said they would start using passkeys as soon as they’re available.

FIDO Alliance issues UX guidelines for passkeys

For its part, the FIDO Alliance, of which 1Password is a board member, released this week a set of passkey user experience guidelines based on contributions from over 79 product, design, accessibility, marketing and technical leaders from 31 companies, including 1Password, Google, Trusona and U.S. Bank.

“Since we first announced the concept of synced passkeys a year ago, we’ve seen remarkable market interest and significant early adoption as businesses around the world accelerate their efforts to eliminate the threat and hassle of passwords,” said Andrew Shikiar, the executive director of FIDO Alliance, in a statement.

UX: Three keys to passkeys

The Alliance offered three principles for content framing the passkey user experience, recommendations informed by content the group tested on a group of U.S. participants using a Figma prototype and a live demo website:

  • Pair passkey language with wording users know, since passkeys are a new concept for many users.
  • Use clear “create account” or “create passkey” messaging before the OS dialog and a confirmation or success message after.
  • Use passkey prompts and information across multiple areas to encourage users to try passkeys at account-related moments in the customer journey (Figure B).

Figure B

Prompt to create a passkey uses simple explanations, instructions.
Image: 1Password

Shikiar recently told TechRepublic that companies like 1Password are very well positioned to make the transition to encrypted keys, in part because they inhabit an intermediate zone between individuals worried about their digital footprints and losing control of personal data, including logins, to e-commerce platforms that are perpetual targets for data exfiltration.

“A lot of consumers use password managers because they live in a multi-platform world. Password managers give you independent cross-platform implementation and independent options,” he said. “For consumers, if they are comfortable using password managers today, they’ll be comfortable using them with passkeys.”

He said the FIDO Alliance’s goal is to create opportunities by working on ways to formalize a process so companies like 1Password, Dashlane and LastPass will be able to manage passkeys and protect important user credentials.

“There are some 950 FIDO-certified products for the enterprise workforce and for consumers. The benefit of open standards and certification around that is it creates competition, with interoperable specifications. It has been interesting to watch the vendor ecosystem iterate and innovate and find ways to add value to customers while also competing with each other,” he said.

When will passwords be past tense?

Shikiar does not see passwords vanishing soon, but rather coexisting with passkeys at least over the course of the next three to four years as every major consumer service online rolls out passwordless sign-in options.

“The next generation of digital natives? They may not even know passwords. It won’t be long before we look back on passwords as we do on dial-in modems,” he said.
