I use Firefox as my browser and 1Password as my password manager. On my iPhone, I use 1Password + Firefox.
I look at https://passkeys.directory/ every so often and switch my logins from passwords to passkeys. This has included a lot of my common logins like GitHub, Google, and Microsoft.
There is a lot of confusing terminology. For some reason sites will say "login with Touch ID" or "login with Windows Hello" instead of "login with Passkey".
Aside from that quirk, I love it. 1Password syncs my passkeys between devices. I can use them both on my laptop and my phone. It would be inconvenient if I needed to login to a shared computer e.g. at a library or friend's house, but I don't do that often enough to care (though of course some people do, which is totally valid).
> It seems like we still have some way to go before we figure it all out.
You're 100% right, though I'm actually surprised that so many sites already support passkeys.
If passkeys is a good idea and consumers use them, then gradually sites will shift over. Changing how everyone in the world does auth is not going to happen overnight, or even in a year.
If your only argument is "wow, it's easy", you're not arguing from the perspective of any kind of security.
I can believe it's easy. But just knowing this doesn't give you any understanding of potential downsides.
Years ago I lost access to various stack-exchange accounts when Yahoo stopped offering Oauth services. Thankfully not a biggie for me but it soured me on relying on third parties for access to a given account.
Honest question, not a critique: what's the point of passkeys if you already use 1password? It unlocks with touch ID both on computers and phones, it autofills and autogenerates username and password. Plus you've got the option to fall back to manual input if you don't have 1password available in a particular device, and credential sharing (outside of 1p) becomes feasible. What's better about passkeys with 1p?
I wish there was a "fast API" for password managers. You can help them autocomplete by using `type` and `autocomplete` attributes in your login form, and there is a "well-known" URL to find the password change form, but I wish there was a way to bypass the HTML page entirely. This would get us 99% of the features of Passkeys I think, where the user only interacts with the password manager's UI.
Also a 1Password passkey user. It is the most portable implementation of passkeys I've used. Still, if you want portability with passkeys you have to trust some company to sync them. I don't want to need to rely on Google, Apple, or Microsoft to sync my keys because those platforms all have some lock-in. Guess 1Password is a form of vendor lock-in too, but it is one I don't mind.
I don't think we should consider passkeys failed already. The widespread rollout just got started, and the ecosystem hasn't had a chance to catch up. Give it some time, and see if things get better.
I use Firefox as my browser and 1Password as my password manager. On my iPhone, I use 1Password + Firefox.
I look at https://passkeys.directory/ every so often and switch my logins from passwords to passkeys. This has included a lot of my common logins like GitHub, Google, and Microsoft.
There is a lot of confusing terminology. For some reason sites will say "login with Touch ID" or "login with Windows Hello" instead of "login with Passkey".
Aside from that quirk, I love it. 1Password syncs my passkeys between devices. I can use them both on my laptop and my phone. It would be inconvenient if I needed to login to a shared computer e.g. at a library or friend's house, but I don't do that often enough to care (though of course some people do, which is totally valid).