Analyze best practices for 1Password passkeys. Tailored for developers and product managers seeking to enhance e-commerce security and user experience.
Robert
Created: June 21, 2023
Updated: September 15, 2024
More and more companies from a wide range of industries are stepping into a password-free world and implement passkeys. Through this series of articles, we aim to provide a comprehensive overview of the passkey user experience of those companies. This should enable you to incorporate these findings and enhance your product login accordingly. In each article, we focus on a single company. Today, we dive into 1Password. Since June 6, 2023, passkeys created on websites can be stored and retrieved using the 1Password beta release browser extension for desktop devices on major platforms and browsers. The rollout of 1Password passkeys is a game-changing milestone on the way to a seamless cross-device usage and full synchronization between all platforms. Platform providers like Apple and Google fully support this approach as well. They incorporate the functionality of password management tools like 1Password directly into their operating systems. This not only allows users to store passkeys in alternative locations beyond the platform's native storage features but also enables password managers to transmit their customers towards a password-free world.
Disclaimer:
In this section, we present the most important insights we have gained from the analysis of 1Password passkeys.
When the 1Password beta release browser extension is active, saving the created passkey is always prioritized within 1Password, rather than using the platform-specific passkey management features. This is because 1Password aims to encourage users to store as many passkeys as possible within their password manager. If users were initially given the option to store the passkey in a platform-specific passkey manager, such as Apple iCloud Keychain, the likelihood of subsequently selecting 1Password as an additional storage option would be significantly reduced. Consequently, the conversion and traction for 1Password passkeys would diminish, impacting their relevance.
Once a passkey has been stored via 1Password, it can be retrieved very easily by the user, as 1Password detects whether an account with passkey has been stored for this website. The retrieval of the passkey can be triggered with a few clicks. It is particularly noteworthy that the user doesnt have to verify his biometric data again when retrieving it. This means that the biometric scan is only required during creation, which makes the login process with 1Password extremely user-friendly.
The 1Password beta release browser extension offers seamless synchronization, allowing passkeys to be synced and retrieved across different platforms, including previously incompatible ones like Apple and Windows. This is the most seamless synchronization we came across so far, putting pressure on major tech players to integrate similar functionalities by default into their passkey management features.
1Password detects for which websites a passkey has already been created and lists them in the 1Password beta release browser extension as well as in the normal 1Password browser extension/app. The detection includes the creation timestamp. Also, 1Password uses the official passkey icon to clearly indicate that it is a passkey. If the user has multiple accounts for a website stored in 1Password, it is possible to select for which account the passkey should be created.
At the moment, the usage of 1Password passkeys is limited to the beta release browser extension on desktop devices. The functionality to save and utilize passkeys with the beta release app on mobile devices is not yet available. Consequently, there is no synchronization of saved passkeys between desktop and mobile devices at this time. However, according to 1Password, they are currently working on developing this feature.
Conditional UI leverages the autofill function passkeys provide. It automatically prefills passkeys as soon as the user clicks on the username input field. This means that users no longer must search for their credentials manually (not even usernames!), as they are already stored in the device / browser and are automatically pre-filled. When websites support Conditional UI, retrieving a passkey created through 1Password can be inconvenient. The issue arises when multiple passkeys for different accounts have been stored for the same website, both in the platform-specific password manager and in 1Password. This creates a problem where the dropdown menus overlap, and the platform-specific password manager takes priority, making it challenging for users to select the 1Password account. However, if only one passkey has been saved in 1Password for the website, users can click on the suggested passkey in the 1Password dropdown menu, but they still need to click the corresponding login button again.
If you have enabled the beta release browser extension of 1Password but prefer to store the generated passkey using the platform's internal storage features rather than the extension itself, there are notable differences in the user experience between Chrome and Safari. In Chrome, the familiar passkey flow is initiated, allowing you to create a passkey after dismissing the automatically appearing 1Password pop-up. However, in Safari, the passkey flow is not triggered, preventing the creation of a passkey. This distinction could be attributed to varying implementations of 1Password passkeys or differing strategies employed by platform operators to accommodate third-party providers and password managers.
1Password has made an official announcement regarding the rollout of passkeys, and users who are unfamiliar with this feature or want more detailed information can refer to their documentation. However, in the 1Password beta release browser extension, there is currently no specific information or explanation provided about passkeys. It is possible that 1Password assumes that users who install the beta release extension to utilize passkeys are experienced users already familiar with this technology. Therefore, the term "passkeys is used without further elaboration in the beta release browser extension.
To make the analysis of 1Password passkeys as comprehensive as possible, we tested the login process with several device-browser-combinations. We have recorded the outcomes in the following use cases. To better understand the use cases, please read through the conceptual definitions of passkeys below before jumping into the use cases.
The creation of passkeys refers to the process of generating a passkey that provides access to specific accounts or services through biometric authentication. 1Password only serves as a storage and management system for passkeys created by its users on different passkey-ready websites. The role of 1Password is only to store and synchronize created passkeys across devices using its beta release browser extension. By storing passkeys in 1Password, users can access them on any desktop device with the 1Password beta release browser extension activated. To access the passkey stored in 1Password, the user needs to log in to the 1Password beta release browser extension using the corresponding 1Password account.
Note that we have only performed the use cases with passkey-ready devices (e.g., no iPhone prior to iOS 16.0, no MacBook prior to macOS Ventura, no Windows device prior to Windows 10). Also, for testing purposes we used different services that support passkeys (e.g., Passkeys.eu, WebAuthn.io, and Shopify) as well as different accounts.
MacBook (macOS Ventura 13.3.1) | iPhone (iOS 16.4.) | Windows 11 | |
---|---|---|---|
1Password beta release browser extension deactivated | Use case 1 (Safari) Use case 2 (Chrome) | Use case 8 (Safari) | Not tested |
1Password beta release browser extension activated | Use case 3 (Safari) Use case 4 (Safari) Use case 5 (Safari) Use case 6 (Chrome) Use case 7 (Safari) | Use case 8 (Safari) | Use case 9 (Chrome) |
Use case | MacBook Safari passkey creation |
---|---|
Use case number | 1 |
Device | MacBook |
Operating system | macOS Ventura 13.3.1 |
Browser | Safari |
Platform | Apple |
1 Password beta release browser extension | Deactivated |
Synced in | Apple iCloud Keychain |
In this use case, we have tested creating a passkey with the 1Password desktop app open. Please note that this is the normal 1Password version and not the beta version.
Since 1Password passkeys are only available in the beta version, we encountered the normal passkey flow for Apple devices, which has already been described in detail in our analyses of eBay, Google, Shopify and KAYAK passkeys.
Use case | MacBook Chrome passkey creation |
---|---|
Use case number | 2 |
Device | MacBook |
Operating system | macOS Ventura 13.3.1 |
Browser | Chrome 112 |
Platform | Apple |
1 Password beta release browser extension | Deactivated |
Synced in | N/A |
Here, we performed the same test as in the use case above. Instead of Safari, we used Chrome this time. Here, too, we encounter the already familiar passkey flow.
Now, to test 1Password passkeys properly, we installed the 1Password beta release browser extension for Safari and Chrome on our MacBook.
Below you'll find a detailed installation guide for Safari and Chrome.
Safari installation guide
Close the normal 1Password desktop app or stop using the normal 1Password browser extension
Go to 1Password beta releases: https://support.1password.com/betas/#install-a-beta-release-of-the-1password-browser-extension
Click on 1Password browser extension
Chrome installation guide
After the 1Password beta release browser extension has been successfully installed, we can now start testing 1Password passkeys.
Use case | MacBook Safari 1Password passkey creation |
---|---|
Use case number | 3 |
Device | MacBook |
Operating system | macOS Ventura 13.3.1 |
Browser | Safari |
Platform | Apple |
1 Password beta release browser extension | Activated |
Synced in | 1Password beta release |
We tested this use case on WebAuthn.io. After entering the email address, the 1Password browser extension automatically suggests saving it in 1Password.
We dismissed this pop-up by left clicking outside the authentication mask and then clicked on "Register. This triggered a 1Password pop-up in the right corner of Safari (see 2nd screenshot below).
To clarify, its important to note that 1Password passkeys dont refer to the passkeys used for logging into 1Password applications like the desktop app or browser extension. Instead, 1Password Passkeys simply represent a new way of storing passkeys.
When the 1Password browser extension is open, the interesting thing is that storing the created passkey in 1Password is always prioritized over the usual storage in the platforms own password managers (here Apple iCloud Keychain).
After clicking on Save the passkey was saved in 1Password, which was also confirmed by a pop-up.
When going to your 1Password browser extension panel, you can find the stored passkey and its properties. Interestingly, the passkey can also be found in the normal 1Password desktop app.
Use case | MacBook Safari 1Password passkey login |
---|---|
Use case number | 4 |
Device | MacBook |
Operating system | macOS Ventura 13.3.1 |
Browser | Safari |
Platform | Apple |
1 Password beta release browser extension | Activated |
Synced in | 1Password beta release |
In this use case, we logged in with the account that we created in the use case before. Please note that we tested this use case on a website that supports Conditional UI. For the sake of completeness, we also want to mention that we turned off the autofill feature provided by 1Password (2nd screenshot).
By clicking in the username field, 1Password detected that an account exists for this website. This is signaled by the appearing drop-down menu. When a website supports passkeys, the 1Password pop-up will display the official passkey icon next to the account details if a passkey already exists for that account. This feature is activated only when the website supports passkeys. In the case where a website supports passkeys but no passkey has been created for an account, 1Password will correctly detect this and the passkey icon will not be shown.
As mentioned, the Conditional UI feature is supported here, allowing for the use of a passkey stored in the Apple iCloud Keychain for another WebAuthn.io account. When logging in, this passkey is displayed as the first suggestion in the drop-down menu under the username field, as seen in the screenshot below. Consequently, the platform-specific password manager's drop-down menu consistently takes precedence. The passkey created in use case 3 using 1Password is listed below. This causes inconvenience for users, as they may encounter an unintended account that is challenging to dismiss, significantly impacting the overall user experience.
If Conditional UI is not supported and the 1Password beta release browser extension is open, only accounts saved in 1Password will be suggested. If the 1Password beta release browser extension is closed, then nothing is suggested.
After several attempts, we were able to click away the overlapping drop-down menu and select the account saved in 1Password.
Just as a side note, we want to mention that the Conditional UI feature doesnt work properly because we still had to manually click on "Authenticate" after clicking on the 1Password account in the drop-down menu.
After clicking on Authenticate, the pop-up in the right corner in Safari signals that we are signed in with the passkey stored in 1Password.
It is worth noting that we dont have to verify via biometrics again.
For MacBook, the tested 1Password passkey use cases work the same across all browsers that support the 1Password browser extension beta release.
Use case | MacBook Safari Apple iCloud Keychain passkey creation |
---|---|
Use case number | 5 |
Device | MacBook |
Operating system | macOS Ventura 13.3.1 |
Browser | Safari |
Platform | Apple |
1 Password beta release browser extension | Activated |
Synced in | N/A |
During this use case, we examined the passkey flow while having the 1Password browser extension beta release activated, but with the intention of creating a passkey and storing it in the Apple iCloud Keychain. Upon clicking the "X" button in the top-right corner of the 1Password pop-up, we received a verification email prompting us to confirm our account (Passkeys.eu). Consequently, it was not possible to create a passkey in this way. While no passkey could be created this way, there is at least the fallback to log in via email magic link. For other passkey-ready websites, this fallback was not implemented in Safari. Although this is not a bug, it highlights the inconvenience experienced by users in specific cases where 1Password is consistently prioritized over platform-specific passkey managers, even when it may not be the desired choice at the moment.
Use case | MacBook Chrome Google password manager passkey creation |
---|---|
Use case number | 6 |
Device | MacBook |
Operating system | macOS Ventura 13.3.1 |
Browser | Chrome 112 |
Platform | Apple |
1 Password beta release browser extension | Activated |
Synced in | N/A |
In this use case, we have tested the same as in the use case before, but in Chrome.
After clicking Sign up the familiar passkey flow was triggered. Next, we clicked on Continue.
In contrast to the previous use case, we were able to create a passkey after clicking the "X" button on the automatically appearing 1Password pop-up in the upper right corner.
Use case | MacBook Safari Shopify passkey creation |
---|---|
Use case number | 7 |
Device | MacBook |
Operating system | macOS Ventura 13.3.1 |
Browser | Safari |
Platform | Apple |
1 Password beta release browser extension | Activated |
Synced in | 1Password beta release |
To test the cross-device synchronisation of 1Password passkeys, we first created a new account on Shopify in Safari using a MacBook. We saved the credentials of this account (e.g., username and password) in the 1Password browser extension beta release, which was opened at that time.
After successfully saving our Shopify account in 1Password, the automatic Apple iCloud Keychain pop-up appeared. This means that same account can be stored in both 1Password and the Apple ecosystem at the same time. That said, its worth noting that the 1Password pop-up is triggered before the platform-specific password manager pop-up (identical for Google password manager in Chrome). We assume that 1Password thereby wants to ensure that accounts are preferentially stored and synchronised in the 1Password password manager.
For testing purposes, we clicked on Not Now at the Apple iCloud Keychain pop-up so that the account is only saved in 1Password.
To initiate the 1Password passkeys cross-device synchronisation test now, we created a Shopify passkey for our Shopify account. How Shopify implemented passkeys for their e-commerce shops can be explored in our analysis of Shopify passkeys.
After going through the entire Shopify passkey creation process, we clicked Save on the 1Password pop-up that appears at the top right of the browser. By doing so, the Shopify passkey was now stored in 1Password and the previous account information (username and password) was updated.
Now that the Shopify passkey is stored in 1Password, it can be retrieved on all devices on which the 1Password (beta release) is installed as a browser extension.
This marks the most seamless cross-device usage we have come across so far. The 1Password technology allows for the synchronization of passkeys across platforms that previously lacked compatibility for synchronization. For example, a passkey created on an Apple device and stored in 1Password can now be retrieved on a Windows device and vice versa.
However, synchronization with mobile devices doesnt work yet because 1Password passkeys for mobile devices are not yet supported (see use case 7). One potential solution to this limitation would be to utilize the synchronization feature offered by platform-specific password managers such as Apple iCloud Keychain for Apple devices. However, it should be noted here that this synchronization only works for specific Apple device-browser combinations.
As demonstrated in previous use cases, the passkey created for a particular service (e.g., Shopify) is always also stored in the services settings. Unlike services such as Google, Shopify does not recognize or display the fact that a passkey has been stored in 1Password within its own passkey properties.
Use case | iPhone Shopify passkey login |
---|---|
Use case number | 8 |
Device | iPhone |
Operating system | iOS 16.4.1 |
Browser | Safari |
Platform | Apple |
1 Password beta release browser extension | N/A |
Synced in | N/A |
To test the actual cross-device synchronisation of passkeys stored in 1Password, we logged into the same account with an iPhone in Safari as in the previous use case.
Please note that no 1Password app (neither the normal nor the beta version) is installed on this iPhone.
As the passkey for this Shopify account is stored in the Shopify account settings as mentioned in the previous use case, Shopify detects that a passkey exists for this account.
After clicking on Log in with passkey, our iPhone couldnt retrieve a passkey.
The support to store and retrieve passkeys in 1Password is currently being developed, which is why it is not yet available. As a result, synchronization of passkeys between desktop and mobile is not possible in 1Password at the moment.
After testing the iOS 17 beta release, we expect 1Password passkeys to be available in the 1Password iPhone app with the iOS 17 release.
Use case | Windows KAYAK passkey login |
---|---|
Use case number | 9 |
Device | HUAWEI MateBook X Pro |
Operating system | Windows 11 Home 22H2 OS build 22621.1635 |
Browser | Chrome 112 |
Platform | Windows |
1 Password beta release browser extension | Activated |
Synced in | 1Password beta release |
After we have created a new KAYAK passkey via the MacBook in Safari and stored it in 1Password, we want to demonstrate the seamless cross-device usage between different platforms in this use case.
We intentionally retrieved the KAYAK passkey stored in 1Password using the 1Password beta release browser extension on a Windows device. Previously, passkey synchronization between Apple and Windows platforms was not possible, but this use cases shows the upgraded cross-platform functionality.
1Password, being one of the pioneers in the field of password managers, is at the forefront of driving the transition towards passwordless authentication with the introduction of 1Password passkeys. Since June 6, 2023, users have the ability to store and retrieve passkeys from passkey-ready websites using the 1Password beta release browser extension. Presently, this functionality is exclusively available on desktop devices. By exclusively utilizing the 1Password beta release browser extension for passkey storage, passkeys can be retrieved across various platforms and browsers where the extension is installed, enabling synchronization between platforms that were previously unable to sync through platform-specific password managers. This cross-device compatibility showcases 1Password's commitment to facilitating seamless usage and may motivate other tech players to adopt similar features. However, it's important to note that 1Password passkeys are not yet compatible with mobile devices, but according to 1Password, this is a feature currently in development.
Table of Contents
Enjoyed this read?
🤝 Join our Passkeys Community
Share passkeys implementation tips and get support to free the world from passwords.
🚀 Subscribe to Substack
Get the latest news, strategies, and insights about passkeys sent straight to your inbox.
We provide UI components, SDKs and guides to help you add passkeys to your app in <1 hour
Start for free