Follow ZDNET: Add us as a preferred source on Google.
ZDNET’s key takeaways
- A new Windows API allows third-party apps to take over passkey management.
- 1Password is the first password manager to utilize this feature.
- To enable this option, you need to install the latest release of 1Password.
No doubt about it: The technology behind passkeys is confusing. It involves cryptographic keys and authenticators and standards with arcane names like FIDO2 and WebAuthn. It’s no wonder your eyes glaze over.
But here’s a little secret: You don’t need to know all those details. You can reap the security benefit from passkeys by following one simple rule: If a website or app offers you the chance to create a passkey, just say yes. Use your face or your fingerprint or a PIN to prove your identity, and you’re good to go. By following that rule, I’ve amassed a diverse collection of 30 or so passkeys that significantly reduce the friction of signing into websites and online services.
Passkeys made simpler
The experience isn’t dead simple yet, but it’s usually simple enough. In fact, the most confusing part is deciding where to save the passkey. If Windows Hello is set up on your PC, it wants to manage that passkey, and I have to push it aside so that I can use the passkey saved in my preferred password manager, 1Password.
Also: How Microsoft finally makes good on its syncable passkey promise – and what’s coming next
That’s all about to get easier, as 1Password takes advantage of a new native passkeys plugin API to integrate its credential management with Windows 11. After enabling the integration, 1Password takes over from Windows as credential manager; you can create passkeys on any device, then sync and manage them with 1Password, using Windows Hello as the authentication mechanism.
The new 1Password onboarding process handles the details of integrating passkeys with Windows.
Screenshot by 1Password
How it works
This feature was available for testing last summer, but it required a Windows Insider preview release from the Dev channel, as well as a beta release of the 1Password app for Windows.
Starting today, anyone running the latest version of Windows 11 and the newly released MSIX version of the 1Password app can enable system-level passkey integration. (MSIX is a packaging format for Windows that uses containerization to keep apps isolated from the rest of the system. MSIX apps can read the registry and file system, but they write their own files and registry entries to a virtualized location, making it easy to clean up after resetting or uninstalling the app.)
Also: How passkeys work: The complete guide to your inevitable passwordless future
With those prerequisites out of the way, 1Password should offer to enable the passkey feature in your desktop app. You can also manually enable this feature in 1Password by going to Settings > Autofill and selecting the “Show passkey suggestions” setting.
The final step is to set 1Password as the system authenticator in Windows. That option is available in Settings > Accounts > Passkeys > Advanced options, where you can choose any third-party app that supports the passkey plugin API. The two screenshots shown next are from last summer’s beta, but the experience should be unchanged in the final release.
Use this option in Windows 11 Settings to change the system-level passkey manager.
Microsoft
After making that change, you’ll see a new prompt when you create a passkey. Windows will use your preferred credential manager instead of offering to save the passkey in Windows. Windows Hello will handle the detail of authenticating you to complete the process.
With a third-party app set as the passkey manager, you’ll see this dialog instead of the Windows version.
Microsoft
What’s next?
1Password is the first third-party provider to take advantage of this integration, but other password manager apps should follow closely behind. If you use Bitwarden or Dashlane, check for announcements on when those apps will add passkey plugin support. Windows is adding its own passkey sync mechanism as well, so you’ll have that as an option if you’d rather not use a third-party tool.
Also: The best password managers: Expert tested
And here’s a crucial note: As currently implemented, passkeys don’t replace your existing credentials. Instead, they work as a more convenient alternative than entering a username and password. A handful of sites and services currently offer fully passwordless alternatives — you can take this step with a Microsoft account, for example. But those are usually an option for advanced users, and they require extra care to ensure you have backup recovery methods and don’t accidentally lock yourself out of the account with no way back in.
I’ll be testing the new 1Password integration over the next few weeks and will update this post with hands-on details.