Beep boop - this is a robot. A new show has been posted to TWiT…
What are your thoughts about today’s show? We’d love to hear from you!
Regarding PassKeys, 1Password supports it in their password manager, so it will move from device to device with you. Bitwarden should also support it, they bought a PassKeys developer passwordless.dev back in January to help them add support for it in Bitwarden.
2 Likes
Black Mastodon could be called Blastodon. That should be reason enough to make it happen! /j
Leo, here’s a way to remember which curve is the difficult one. Behold the learning cliff:
2 Likes
Hilarious 
1 Like
1Password’s latest passkey AMA says they’re working with FIDO & other password managers (!) on passkey portability.
Is 1Password working with other password/passkey managers for passkey portability?
Yes! We, along with other password managers and the platforms, believe that users should be able to own their passkeys and store them in whichever provider they want to. We are actively working with other providers and the FIDO Alliance to create a secure way to transfer passkeys (and other credentials) between providers. This same group is also working on simple ways for password managers to integrate seamlessly into the platforms systems like iOS and Android. The goal is for users to have a consistent, simple experience regardless of where they store their passkeys.
//
Android 14 will support password managers to save passkeys; iOS doesn’t yet support password managers integrating with passkeys yet. The extension on macOS seems to have the capability ready, just waiting to launch.
Will 1password work on my phone too?
Yes! 1Password has Android and iOS apps that can be used to save and fill credentials on apps and mobile websites. Passkeys will also be supported on these platforms as soon as possible.
When Android 14 is released in August 2023, it will support using 3rd party passkey providers like 1Password to create and use passkeys for websites and apps. So while you can’t use passkeys stored in 1Password on your phone right now, you will be able to soon.
The same will be true for iOS as soon as support for 3rd party passkey providers is released. Stay tuned!
//
For passkeys in 1Password, we will eventually support all browsers and platforms that 1Password has an app or extensions for.
The extension will be able to save and fill passkey on MacOS, but in some cases, we are waiting for platform support. That means 1Password can’t save and fill passkeys on iOS right now, but as soon as support for 3rd party passkey providers is released, we will!
We are working closely with all of the platforms to make this happen soon, since we feel it is critical to a good experience.
//
Passkey recovery will also be via the Emergency Kit (but with something other than a password + Secret Key):
We do plan to make some equivalent of the Emergency Kit available with recovery codes for passkey users, along with other recovery options. More to come on this soon!
Regarding passkeys, Lauren Weinstein points out that stolen unlocked phones using passkeys give thieves complete access to those accounts, until such a time as the rightful owner manages to revoke them, which could be hours in many situations out in poublic, far too late.
Not exactly - the face or touch ID is invoked when you’re authenticating with Google. So even if your phone is unlocked, it’s still going to do the second check.
1 Like
Lauren responds: “Yes, I noted there is a second check, BUT, AFAIK – and G seems to say this explicitly – if the phone lock is not biometric (and many people can’t or choose not to use biometric locks, for good reasons), a weak phone unlock PIN (for example), easily spied on or crackable, will give access to the passkeys. People’s phone locks are cracked this way every day. The flaw is that the second check is just as strong (OR WEAK) as the phone unlock.”
If only all my steep learning curves were easy 
1 Like