1Password Passkey Tutorial | How to Use Passkeys in 1Password

Подписаться 7 тыс.

Просмотров 22 тыс.

50% 1

1Password just dropped a huge update! They are one of the first password managers to support managing passkeys. This allows you to use passkeys on multiple devices. You'll never get caught without it again.
Take action now to set up your FIDO2 WebAuthN passkeys today!
📝 Sign up for my free weekly security newsletter: weekendbyte.teachmecyber.com/
Links
1Password: 1password.com/
1Password Tutorial: • 1Password Tutorial | T...
Passkeys Overview: • What are Passkeys? | A...
❤️ Leave a comment and hit the like button because it helps spread cyber security knowledge to more people.
Table of Contents
00:00 - Intro
00:22 - Speed improvements
01:09 - Passkey Overview
02:09 - Use passkeys with 1Password
03:01 - Logging in with passkeys
03:41 - Catch #1: Supported websites
05:58 - Catch #2: No export capability
06:24 - Catch #3: Less security?
07:01 - Best practices
07:27 - Closing
🔔If you found this helpful, subscribe to the channel!
www.youtube.com/@teachmecyber...
🚀 Connect with me on LinkedIn
/ jrebholz

Наука

Опубликовано:

28 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 47

@JazzzzzyG 7 месяцев назад

This is hands down one of the best tech tutorials I've ever watched, on any topic. Subscribed. Thanks Jason!

@teachmecyber 7 месяцев назад

Thanks for the feedback! Glad it was helpful for you.

@MayureshKadu 2 месяца назад

As a long time 1password user - I found this a decent summary. Nicely done!

@mikewright9547 9 месяцев назад

Thanks great video I’m going to tackle this today.

@teachmecyber 9 месяцев назад

Great to hear that! Let me know how it goes!

@Lemmiiiiii 3 месяца назад

I think I start to get the idea of passkeys, however one thing I still do not understand, to me it seems like passkeys are kinda inconvenient compared to the conventional password/user. it may be great for desktop only usage but in todays world with Phones, tables etc to my understanding they don´t corporate? Meaning if you set up a passkey for a website, it´s only for that website, apps etc would need another passkey or am I wrong?

@MichaelToub 3 месяца назад

Great Video!

@miner3993 8 месяцев назад

Great stuff Thanks 1 quick question , Would I be about to use a Security Key C NFC The YubiKey 5 C NFC to create passkeys for my APPs and Websites? Or do I need to get The YubiKey 5 C NFC. What would be the reason way I would want to get The YubiKey 5 C NFC over the Security Key C NFC

@teachmecyber 8 месяцев назад

Both will be able to create passkeys for any online app / website that supports passkeys. The main difference between the two just comes down to features and supported connectors. The yubikey has much more but most of them you likely will never use. A full breakdown of comparisons is here: www.yubico.com/store/compare/?gad_source=1&gclid=CjwKCAiA04arBhAkEiwAuNOsIioh1abLX857kr5RWWomzuizlKhg4OkvnpDNXPFpxozmNDhTMPsd5RoCs8oQAvD_BwE

@JadeSambrook 22 дня назад

Thank you for the great and helpful video. A couple questions though: if I was originally using a password to login to my Google account and that password is stored in 1Password, once I create the passkey for Google in 1Password do I delete the password or do I need to keep it just in case? In other words, is it redundant to have a passkey and a password? Or does it weaken security in any way to have both? And the second question: if I set up a passkey in my 1Password, can I also set up a passkey on my Yubikeys for the same account (i.e., Google) in case the device I am using does not have 1Password installed on it or in case I ever lose access to my 1Password account?

@explorergal91 8 дней назад

I have the same question

@paulreilly4510 5 месяцев назад

Thanks for a very good tutorial Jason. I have avoided going too far into passkeys for two reasons. 1st, confusion about passkeys in 1password vs passkeys in iCloud Keychain. I accept that 1password is more secure but I still wonder if there is a wall between the two systems? Are there any cases where using one is better than the other? 2nd, how about a passkey for a site like Google? I just watched your tutorial on RU-vid on my Mac. If I change my Google credentials to a passkey in 1password what is going to happen when I open the RU-vid app on an AppleTV? Will I have to authenticated using an iPhone? Is this a case where saving a passkey in iCloud Keychain is preferable because of the AppleTV that is tied to iCloud?

@teachmecyber 5 месяцев назад

The biggest difference between the two is going to be ease of use (e.g. how easily can you access 1Password vs keychain) and security on those (1Password is more secure because of the amount of info you need to access it, which also makes it harder initially to get set up on multiple devices). In your RU-vid example, it's likely going to prompt you on your phone which you can access either your keychain or 1password. Keep in mind that you can configure multiple forms of MFA. So while you want to use passkeys where you can, it isn't going to be supported everywhere. So you can always fall back to another form of MFA (like the authenticator app).

@usmanzubair3479 8 месяцев назад

(Android) In my vault it shows passkeys available and when i click on that and go to Chrome set up my account it doesn't save the passkey into 1password, it's still showing me the popup

@teachmecyber 7 месяцев назад

Have you disabled Google password manager?

@jasekdominik 9 месяцев назад

So private key is not stored on the actual device, but rather on 1Password cloud instead? Is it true also for other password managers like icloud Keychain or Google Password Manager? I am little confused, because I read that private keys are always stored on a physical device 🤔

@teachmecyber 9 месяцев назад

For device bound passkeys, they are always stored on a physical device like your phone, computer, desktop, etc. For synced passkeys, the private key is stored in the cloud where it can then be synced to other devices. This is what icloud and Google Password Manager do. 1Passwords implementation is more in line with synced passkeys. The passkeys you create with 1Password are stored in your vault. So that will be stored in the 1Password cloud as well as in a local copy of your vault.

@StijnHommes 8 месяцев назад

@@teachmecyber The only password Google is getting is the password for my Google account. What makes them think my passkeys would be any different? This vendor lock-in should NOT extend to authentication. 1Password, LastPass and Dashlane don't get anything from me at all.

@michaeleichner7522 7 месяцев назад

Great video. I have a few questions. 1. Am I correct that if 1Password DIDN’T synch passkeys that I would need to set up a different passkey for each of my devices within 1Password for a specific website? 2. If I set up a passkey for a website and my fingerprint scanner breaks will I be able to log in using username and password? 3. If I use a Yubikey to secure 1Password wouldn’t it make sense to use the Yubikey for all the sites I log into instead of using 1Password and passkeys? Thanks

@teachmecyber 6 месяцев назад

1. That's correct. If 1Password did not sync the passkey, you would need to set up a passkey for every device you would to use to authenticate to the website. This is the convenience tradeoff for synced vs device bound passkeys. 2. For almost every website today, you still need to have a username / password first and then set up the passkey. So the username / password (and other MFA methods) can be a fall back method. 3. The tech behind the Yubikey and passkeys are are the same, just a different device. E.g. the yubikey can be considered just another device you use with passkeys. You can certainly approach it the way you said (e.g. using Yubikey for every website). It would be more secure because it's a device bound passkey but you lose the convenience factor. All a personal choice.

@michaeleichner7522 6 месяцев назад

@@teachmecyber Thanks so much for getting back to me. And thanks for the clear well thought out explanations.

@explorergal91 8 дней назад

If you still have to have a username and password for most sites as a back up, then can’t they still be hacked by that method?

@steverosenblum823 9 месяцев назад

My main hesitation about adopting biometric passkeys is what happens after I die? How will my designated family member get access to my accounts if they can't use my fingerprint or face? Thanks!

@teachmecyber 9 месяцев назад

You can set up 1Password with a physical yubikey as a backup. With your emergency kit and the yubikey, your family would have access. Separately, you can follow the steps in this guide to set up a family recovery plan support.1password.com/family-recovery-plan