No doubt about it: The technology behind passkeys can be perplexing. With cryptographic keys, authenticators, and standards that bear names like FIDO2 and WebAuthn, it’s easy to feel overwhelmed. However, here’s a reassuring insight: you don’t need to grasp all the intricate details to benefit from passkeys. By adhering to a straightforward guideline—accepting the opportunity to create a passkey whenever a website or app offers—you can significantly enhance your security. Simply utilize your face, fingerprint, or a PIN to verify your identity, and you’re set. This approach has allowed me to accumulate a diverse collection of around 30 passkeys, streamlining my sign-in process across various online services.
Passkeys made simpler
While the experience isn’t yet flawless, it’s becoming increasingly user-friendly. The most challenging aspect often lies in deciding where to store the passkey. With Windows Hello configured on my PC, it attempts to manage the passkey, necessitating a workaround to utilize the passkey stored in my preferred password manager, 1Password. Fortunately, this complexity is on the verge of resolution. 1Password is poised to leverage a new native passkeys plugin API, allowing it to seamlessly integrate its credential management with Windows 11. Once this integration is enabled, 1Password will take over as the credential manager, enabling users to create passkeys on any device and manage them through 1Password, all while utilizing Windows Hello for authentication.
How it works
This feature was initially available for testing last summer, requiring a Windows Insider preview release from the Dev channel along with a beta version of the 1Password app for Windows. Now, any user operating the latest version of Windows 11 and the newly released MSIX version of the 1Password app can enable system-level passkey integration. The MSIX format, which employs containerization to isolate apps from the broader system, ensures that these applications can read the registry and file system while writing their files and registry entries to a virtualized location, simplifying cleanup after resets or uninstalls.
Once the prerequisites are met, 1Password will prompt users to enable the passkey feature within the desktop app. Alternatively, users can manually activate this feature by navigating to Settings > Autofill in the 1Password app and selecting the “Show passkey suggestions” option. The final step involves designating 1Password as the system authenticator in Windows, accessible through Settings > Accounts > Passkeys > Advanced options. Here, users can select any third-party app that supports the passkey plugin API. Upon enabling the Autofill option in the 1Password app, it conveniently directs users to the appropriate page in Windows Settings, requiring just a toggle to activate 1Password.
After making this adjustment, a new prompt will appear when creating a passkey, allowing Windows to utilize your chosen credential manager instead of defaulting to its own. Windows Hello will manage the authentication process to finalize the setup.
What’s next?
1Password stands as the first third-party provider to embrace this integration, but it’s likely that other password manager applications will soon follow suit. Users of Bitwarden or Dashlane should stay tuned for announcements regarding their respective passkey plugin support. Additionally, Windows is rolling out its own passkey sync mechanism through the Microsoft Password Manager in Edge, providing an alternative for those who prefer not to rely on third-party tools.
It’s important to note that, as currently implemented, passkeys do not automatically replace existing credentials. Instead, they serve as a more convenient and secure alternative to traditional username and password combinations. A select number of sites and services now offer fully passwordless options—Microsoft accounts, for instance, allow for complete passwordlessness. However, these options are typically geared toward advanced users and necessitate careful consideration to ensure backup recovery methods are in place, preventing accidental lockouts.
Having installed the new 1Password app and activated the integration on my Surface Pro laptop, I found the process refreshingly straightforward. For those already using 1Password, I highly recommend taking advantage of this new feature.
