undefined | Better HN

0 pointslarsnystrom1y ago0 comments

I've added a few passkeys to 1Password. It works pretty well on github.com, and sometimes on google.com. But apparently, passkeys.io bypasses 1Password and asks the OS for passkeys? So passkeys.io doesn't actually work for me, unless I want to store the passkey in the OS keychain. Which I don't, because I don't want to be locked into that.

How can it be that the website decides which password manager I should use to store the passkeys? That's crazy and goes against all intuition.

0 comments

FlxMgdnz1y ago

Hey, founder of Hanko.io here, we run passkeys.io. That behaviour is not intended. We've recently changed the demo to require authenticator attestation on passkey creation, that may have an impact on authenticator selection. But a quick test on my system (macOS, Chrome) resulted in the 1Password UI intercepting the "Create a passkey" flow - as expected. It would be awesome if you could help us understand why your experience is different.

With that being said, we are not happy with how password managers have implemented passkey intercepts, but ultimately that's a decision the user can make, as it can be disabled in the browser extension settings.

vbezhenar1y ago

My assumption is that there's no proper browser API for third-party passkeys, so this extension probably monkey-patches website JavaScript which is not reliable.

frizlab1y ago

Interesting. What OS/browser do you use?

j / k navigate · click thread line to collapse