Passkeys are a great technology that can replace passwords and any number of multi-factor authentication mechanisms. However, they have one major limitation holding them back from fully replacing passwords.
While passkeys are a great sign-in method, they can’t be used to encrypt the data associated with your account. Until now, services have been stuck with passwords and other clever key handling methods to encrypt customer data.
That’s no longer the case for services that you’ve chosen to protect with a passkey saved in 1Password. Starting with the latest beta versions of our browser extension and 1Password for Android, any service you log in to with a passkey – provided it’s stored in 1Password – can use that same passkey for end-to-end encryption.
What does this mean?
Let’s say you use an app that protects all of your notes with end-to-end encryption. That means only you have the key required to decrypt and read your notes. Historically this key would be a password. It would be used to verify who you are and decrypt your data.
Passkeys in their base form can only be used to verify who you are. They’re excellent at this but can’t traditionally be used to scramble the data associated with your account – in this case, your private notes.
That changes with the Pseudo-Random Function (PRF) extension. Now, passkeys stored in 1Password can also be used for encryption. That means the note-taking app can fully ditch passwords and use passkeys for the sign-in process and encrypting your notes.
What is PRF?
Pseudo-Random Function, or PRF, is an extension for WebAuthn, the protocol behind passkeys. Along with the basic functionality for passkeys, the WebAuthn specification includes optional extensions that add useful features.
You might already know that behind every passkey are a public and private key. PRF creates an additional key, which doesn’t encrypt your data directly. Instead, the extension combines this third key with a salt which is generated by the service (e.g. the note taking app). Mixing these two ingredients in a secure way produces a shared secret in addition to the usual passkey authentication result. The service can then use this shared secret as an encryption key.
This shared secret has two important properties:
- Its value is deterministic. The same input from the web service will always give the same respective output.
- Its value is unpredictable. It is virtually impossible for an attacker to guess the shared secret or the passkey’s secret even if they know many of the possible salt and shared secret combinations.
In symmetric encryption, a deterministic value is crucial since the key that was used to encrypt is also used for decryption. If the process creates a different result or key every time, your data can’t be decrypted anymore and you’ll essentially be locked out forever.
A deterministic output doesn’t mean it’s predictable. The salt on its own doesn’t tell an attacker anything about the shared secret. If the attacker knows both the salt and the final shared secret, they still can’t infer anything about the secret key nor any future shared secrets should the salt change. This allows a service to easily change the encryption key by changing the salt without ever exposing your data.
Why is PRF important?
Passkeys are great at proving who you are in a secure and un-phishable way. The private and public key behind every passkey always stay the same but the output changes every time you sign in to the associated account. This is great for authentication because if an attacker somehow obtained the output, they couldn’t re-use it to impersonate you later.
However, this characteristic breaks the first important property we outlined for encryption: determinism. Since the output changes every time, using this process for encryption means we would never be able to retrieve the same encryption key.
Historically, all of your online accounts would use a strong password as an encryption key, similar to how vaults in 1Password are protected by your account password and secret key.
We’re running a public beta at the moment that lets you unlock 1Password with a passkey instead of an account password and a secret key. When you unlock 1Password this way, we currently generate and store a separate device key that is used to decrypt and encrypt your account data.
When other websites or apps implement end-to-end encryption, they now need to carefully think about where and how they should store the encryption keys. Every platform requires a different implementation and in the browser it’s currently not possible to store these keys in a secure manner.
By supporting the PRF extension for passkeys, encryption keys are now protected by the same mechanisms that already secure millions of passkeys. This finally allows passkeys to truly replace passwords for any operation.
Our angle
In an ideal world, every passkey manager would support PRF. It would allow other companies to make their services more secure by implementing end-to-end encryption, knowing that the key is securely protected.
As an end-to-end encrypted product, 1Password would also greatly benefit. If you unlock 1Password with a passkey, this would give you the option to let 1Password handle the encryption key or to store the encryption key in another passkey manager. It’s a win-win for everyone!
Unfortunately, this is not the world we live in today. We want to see every passkey manager adopt the PRF extension. This will allow applications and web services to encrypt their user’s data when they adopt passkeys. Therefore, we are leading the charge by providing our PRF implementation in our open-source passkey library. This makes it easier for other passkey managers to provide PRF for their users.
What does this mean for you
PRF support is available now in the latest 1Password for Android beta (8.10.38) and browser extension beta (2.26.1). Our PRF support will also be available on iOS 18.
If you’re a 1Password customer, you won’t notice any differences while using your passkeys. This change is all behind the scenes. While invisible, it increases your online security so it’s important that you’re aware of it. There’s nothing you need to do other than update your 1Password apps.
If you’re developing a product that could benefit from end-to-end encryption, it’s the perfect time to look into adopting passkeys along with the PRF extension. You can learn more about PRF and how our passkey unlock solution works by checking out these resources:
Tweet about this post