How to log in to websites and apps with passkeys using 1Password

While convenient and user friendly, password managers can’t entirely address the issues passwords present in the first place, like phishing and brute force attacks.

That is, until now, with 1Password’s move towards passwordless authentication using passkeys. Passkey technology is a safer, more convenient way to prove your identity and sign in to websites and apps.

Passkeys are growing in popularity, and for good reason — they’re a secure and convenient alternative to passwords. They allow you to log in to your online accounts without a password or magic link.

With 1Password, you can create, use, and manage passkeys across multiple devices. So, if you haven’t created or used passkeys yet, there’s no better time to get started.

This post explains what passkeys are, how they work, why they’re more secure than passwords, and where you can use them. It also walks you through the steps to log in to your favorite websites and apps with passkeys using 1Password.

By the end of this post, you’ll be ready to join the passwordless revolution and enjoy a smoother and safer online experience.

How passkeys streamline the sign-in process

A passkey is a form of digital credential developed by the FIDO Alliance, an open industry association with a mission to reduce the world’s reliance on passwords.

Each passkey is tied to an online account and allows you to authenticate — that is, to prove your identity — without entering a password.

Passkey technology makes logging in faster, easier, and safer than using traditional passwords. It even beats using a password combined with another layer of security like multi-factor authentication (MFA).

Passkeys work using public-key cryptography, also known as asymmetric cryptography. This method of encryption involves two different cryptographic keys: a public key and a private key. (We’ll explain exactly how they work in a second.)

How does public-key cryptography work?

While we won’t get into all the intricacies of public-key cryptography here, the basic idea is straightforward.

Each public and private key pair is mathematically linked. You can think of the pair as a one-of-a-kind key that’s designed to go in a one-of-a-kind lock. You need both pieces to authenticate and log in to the account that your passkey was created for.

When you create a new passkey for a website or app, your device generates a unique key pair.

The public key is stored by the website or app, on its servers, while the private key is saved by the user on their device or in a secure location like 1Password.

But how does that help verify your identity?

When you want to sign in, the website or app uses the private key to create a “challenge” that can only be solved by the corresponding private key, and sends it to your chosen authenticator — 1Password, in our case.

Your authenticator uses your private key to solve the challenge and sends the resulting “signature” back without ever revealing the private key. The website or app verifies the signature using your public key. If everything checks out, you’re granted access.

This all happens under the hood automatically. All you have to do is authenticate. 1Password takes care of the rest, making your experience simple and convenient.

In short, saving your passkeys in 1Password makes signing in essentially a one-click or one-tap process. You don’t have to remember anything or type anything out. All you have to do is unlock 1Password, if you haven’t done so already. You can do this in a flash using biometrics, such as Touch ID or Face ID).

According to Google, passkey sign-in is 40% faster than using a password.

Why passkeys are more secure than passwords

Passkeys aren’t only easier to use but also more secure than passwords.

Here are a few reasons why:

1. Your private key always stays private

First, your private key doesn’t leave your device. You never have to share it — not even with the website or app you’re signing in to. Unlike a password, you don’t have to worry about how it’s being handled when it’s out of your hands.

When you create a username and password, the information is stored on the website’s servers. If a hacker breaks into the server and your credentials haven’t been protected properly, they might be able to access your account.

Passkeys are different. Even if hackers break into the website or app’s servers and get hold of your public key, they won’t be able to log in to the associated account because they won’t have the corresponding private key.

2. Passkeys are unique and strong cryptographic keys by design

Second, passkeys are unique and can’t be reused.

It’s possible to choose a weak password and reuse it across multiple accounts. By comparison, your device automatically generates passkeys, which are random, unique, and virtually impossible to guess.

When you use passkeys, you can also rest easy knowing that if one of your accounts is somehow hacked, the rest of your accounts are still safe.

3. Passkeys protect you from phishing and social engineering attacks

Finally, passkeys are resistant to phishing and social engineering attacks. Phishing is a common technique used to trick you into revealing your passwords (or other sensitive information) via fake emails or websites that look like the real ones.

Social engineering is a similar tactic that involves manipulating you into giving up your credentials or access to your accounts.

Since each passkey is unique and bound to the website/app for which it was created, and your private key is never shared as part of authentication, you can’t be tricked into sharing your login credentials with a fake entity. The private key never leaves your device or 1Password.

Where you can use passkeys

Passkeys are an emerging technology, and a growing number of websites and apps already support them.

In 2023, major consumer brands like Amazon, Apple, CVSHealth, DocuSign, Google, PayPal, Shopify started supporting passkeys. According to the FIDO Alliance, this covered more than 7 billion user accounts. Password managers such as 1Password also added passkey support, giving users a secure and convenient place to store them.

Apple introduced its passkey support in June 2022 at the Worldwide Developers Conference (WWDC) as part of the iOS 16 and iPadOS 16 beta release. Passkeys became available to Apple customers and could be saved in the iCloud Keychain in September 2022, when iOS 16 was officially launched.

Besides Amazon, major e-commerce sites like eBay have joined the passkey revolution. The same goes for large travel booking sites like Kayak.

That said, not all online service providers offer passkey logins yet. If you want to discover which services support passkeys, 1Password offers two ways:

• First, anyone can check our online passkey directory to see which apps and websites have already adopted passkeys. Or you can vote on which platforms you want passkey compatibility with in the future.

• Second, if you use 1Password, you can also check Watchtower in the 1Password app, which flags which of your existing (password) logins can be updated to use a passkey.

How to save and sign in with passkeys using 1Password

1Password is the best password manager for saving and managing passkeys. It offers multiple features for creating and managing passkeys, passwords, and other sensitive data.

At the moment, you can save and sign in with passkeys using the desktop version of 1Password’s browser extensions and 1Password for iOS on devices running iOS 17 and iPadOS 17 or higher.

Own an Android device? You can use 1Password to save and sign in to compatible Android apps using passkeys. Google is developing the necessary APIs that will allow third-party apps like 1Password to support passkey creation in Chrome for Android. As soon as they roll it out, you’ll also be able to create passkeys in Android browsers, too.

1Password’s passkey support goes beyond saving and signing in. You can also use the 1Password app on any device to view, organize, and share your saved passkeys.

Suppose you visited the directory or saw an alert in Watchtower notifying you that a site you use now offers a passkey login. What do you do next? First, you must create and save your passkey. Then, you just have to log in.

The process varies slightly depending on whether you’re creating an account for the first time or updating an existing account to use passkeys.

Let’s break this down:

Saving passkeys for new accounts

Setting up and saving a passkey for a new online account in 1Password is straightforward. You’ll usually find the option to create a passkey on the website or app’s sign-in page or somewhere under account settings.

When you select the passkey option, 1Password will automatically offer to save it.

Choose which vault to store it in, and you’re done! You can also give your passkey a name and an icon to make it easier to identify.

Saving passkeys for existing accounts

The process is very similar if you have an existing item for the website already stored in 1Password (a username and password or other credentials you saved before).

The only difference is that 1Password will prompt you to update that login item instead of creating a new one.

In some cases, you must log in with a password first and then navigate to Account Settings to create a passkey.

For example, imagine you want to set up your existing Amazon account to use passkeys. If this is the case, you must log in to your Amazon account using 1Password.

Then, navigate to Accounts & Lists > Login & Security. Once there, click or tap the “Set up” button next to “Passkey.”

Once there, you just hit the “Set up” button again, and 1Password will prompt you to update your Amazon login item to add your newly created passkey.

Signing in with passkeys

Signing in is just a click or tap away once your passkey is created and stored in 1Password. You just open the login page or screen of the website or app you want to sign in to. 1Password will then automatically offer to use your saved passkey.

If you have more than one passkey for the website or app, they’ll appear as a list. Select “Sign in” next to the passkey you want to use, and 1Password will handle the rest.

Start using 1Password passkeys

Passkeys are the future of online security. They make signing in faster, easier, and safer than ever before. And with 1Password, you have everything you need to start using passkeys today.

1Password is available for Apple devices running macOS and iOS, as well as Windows, Android, Linux, and Chrome OS.

You can also get the 1Password browser extension for Chrome, Firefox, Edge, Brave, and Safari.

Don’t wait any longer. Whether you need to increase the security and convenience of your personal, business, or enterprise logins, join the passkey revolution.

If you’re not already using 1Password, sign up for a free 14-day trial today to enjoy passwordless authentication.

1Password