Curious how this will work in practise. The passkey has to be stored somewhere. Logically, that's in 1Password itself, which would mean you can _only_ login if you have access to a device that's already signed in. Or, in iCloud Keychain, which is what the video seems to show, which would shift the trust model to my Apple ID. What happens if I get locked out of that?
And what happens if biometrics are unavailable on my device (like, after first boot)? Does 1Password then fall back to my macOS login password?
Their blog post is unclear on details, but it feels like there are multiple trade-offs to this where some might want to stick to the current Master Password + Secret Key model.
>The passkey has to be stored somewhere. Logically, that's in 1Password itself,
A Passkey is a WebAuthn-compliant[0] form of authentication which relies on biometric authentication combined with a key pair.[1] iCloud supports the ability to create passkeys, and allows users of Apple devices to use them to sign in by TouchID/FaceID. Another means to get a passkey is to purchase a physical WebAuthn-compliant hardware device, such as a Yubikey or a Google Titan Security Key.
And what happens if biometrics are unavailable on my device (like, after first boot)? Does 1Password then fall back to my macOS login password?
Their blog post is unclear on details, but it feels like there are multiple trade-offs to this where some might want to stick to the current Master Password + Secret Key model.