1Password has issued 1Password 8.12.26, enabling you to choose which section of the password manager appears at launch. The release adds support for CTAP2 authenticators that require user verification when you sign in to a 1Password account, changes the audit event that’s logged when an item is moved or duplicated between 1Password accounts, improves an error message shown on the lock screen for a specific SSO-related unlocking issue, resolves an issue where selecting Save repeatedly while creating an item could result in duplicate items, and fixes a bug where one-time passwords wouldn’t refresh when viewed in Large Type. ($47.88 annual individual subscription from 1Password, free update, 4.8 MB installer download, release notes, macOS 12+)
I’m happy with the way that 1Password has evolved and matured.
But there is one thing that I wish they would address: The ability to share passkeys between/across different password managers. I am avoiding passkeys because it makes 1Password a commercial island (e.g., can’t share passkeys between Apple’s Passwords and 1Password, for example). That limits my ability to share passkeys with family members (we are not a monoculture). My understanding is that the FIDO Alliance worked out the standard, but I have yet to see evidence that 1Password is making use of it – so I am eschewing passkeys (which, from a pure technology perspective is excellent – implementation is the problem).
Agreed. I’m committed enough to the Apple ecosystem that I can use PassKeys on my Mac (Firefox uses the macOS PassKey storage) and they’ll sync to my iPhone, which I can use (via QR codes) to authenticate logins on Windows and Linux. But if I forget myself and create a PassKey on Windows or Linux, I can’t use it anywhere else, because there’s no way (that I know of) to sync them into my iPhone.
I think Apple could partially fix this by adding PassKey syncing to their iCloud for Windows app. it wouldn’t help my Linux use, but it would still be better than what we have now.
I’d love it if Apple and Microsoft would adopt the FIDO standards for proper interoperability, but I think it will be quite some time before that happens, if ever.
You can export them from Passwords on iPhone and them share them from the other app. Passwords app, tap the three dots top-right, tap Export data to another app, choose the entries with passkeys you want to export and choose next, choose 1Password, it will open 1Password and import the entry/entries.
Doug, that’s great that Apple has a means to securely export passkeys to other password managers. But 1Password doesn’t appear to have a means of securely exporting passkeys. And that’s my complaint.
The technology is there, but 1Password doesn’t seem to want to enable it. 1Password is my default password manager, so any passkeys in my store are hostage to 1Password (unless I’m content with an unencrypted download, which kind of defeats a purpose of passkeys). Am I missing something?
While it’s true that you cannot export discrete items from 1P, you can export the entire data store, including passkeys, from 1Password for iOS and iPadOS, using the Credential Exchange Standard. See How to export your data from the 1Password apps | 1Password Support (click on iOS.)
In this particular case, you might want to create shared passkeys in the Passwords app and them export those items to 1Password.
Note that many sites that support passkeys support the creation of more than one passkey, so you can create a passkey for the Passwords app and a passkey for 1Password.
Doug, you are describing some interesting work-arounds for inadequate support in 1Password.
The normal use case is one where I got a new passkey for a site that I need to share with my wife. The work-around you describe requires that I export the hundreds of entries that I now have in 1Password, and somehow extract the one I want to share (which is probably only possible from the unencrypted format on Mac). Or, as you suggest, force the passkey to be created in Apple’s Passwords app – which I currently don’t use – I assume by surgically turning off 1Password as the destination, turning on Apple’s Passwords, and then accepting a passkey (and then switching back to 1Password).
Either way is cumbersome, and should not be necessary.
You wouldn’t need to export passkeys between password managers. You create a passkey for your account in 1Password and share with other members of your family who use 1Password, one of the people who use a different password manager create a passkey stored in that password manager and share it with the members who use that one.
There are very few passkeys I’ve created that don’t allow this. I’ve recently switched from being the only one using 1Password to sharing Passwords with my wife, so I’ve been doing this a bit. I haven’t tried it with all of them, and some of them (CVS, the US-based pharmacy) doesn’t allow it, but Amazon did, Google did, etc.
She (or you) could use your wife’s phone (or Mac account), login with the password, and create a passkey on the device.
Maybe, but the credential exchange standard is pretty new - about one year old right now - so hopefully 1Password will improve the process over time. Apple does do it better, though it’s not perfect - it would be nice if you could search for any item with a passkey rather than choosing from a large list, but that’s not possible yet. BitWarden (which I also tested as an alternative to 1Password before deciding to switch to Apple’s Passwords) is the same as 1Password - you can only export the entire vault, not choose discrete items to export.
Yes, Apple has done a good job in Passwords. I would ditch 1Password and use Apple Passwords if the latter hadn’t dropped support for Secure Notes (which Keychain Access provided). Yes, there is a way to lock notes in the Apple’s Notes application, but that’s a poor substitute. I use Notes for day-to-day notes, and I view security-relevant things (such as backup codes, the lies I invent for “security questions,” and other authentication-related secrets) as fundamentally different than day-to-day/working notes. They should be kept separate. Apple dropped the ball on that one, so I use 1Password instead.
I agree, plus locked Notes cannot include attachments. @ShermanWilcox here turned me on to the app Uplock, which has versions for Mac, iOS, and iPadOS, syncs with iCloud, and can import from 1Password. So far for me it’s a great substitute, and cheaper than a subscription to 1P if I remember right.
That is a fantastic suggestion. Uplock seems to address the gaps I cited in Apple’s Passwords app. They say all the right things, for sure, on their Web site – with one exception. They don’t cite an independent audit (which would certainly seal the deal for me). I’m definitely going to experiment with it.