1Password’s passkey czar dishes all the details about our passwordless future
Passkeys and the increasingly convenient password managers that organize them are getting attention. They gained widespread awareness at Apple’s June 2022 Worldwide Developer’s Conference but recently picked up steam. Several months ago, journalists decried the fragmented passkey ecosystem. However, that’s changing as big companies adopt the secure login method.
1Password, the creator of a popular password manager, was among the first to support passkeys. We talked with Anna Pobletts, 1Password’s head of passwordless operations, amid the revolution of encrypted logins and the hopeful demise of traditional, less-than-perfect password implementations. Her enthusiasm and explanation of the ease and progress of passkey adoption make it clear that subpar password protection is on its way out, and third-party password managers are on the rise.
Passkeys aren’t complicated
They’re just somewhat unfamiliar to most people, for now
Instead of matching your typed-in password to an encrypted, server-hosted copy, the server generates and stores a public key, and your phone creates a private key that never leaves your device (or your approved cloud storage or password manager). The private key (the passkey itself) is too complicated for hackers to guess or social engineers (scammers) to extract from unwitting victims.
Passkeys rely on a password management service. Passkeys extend one-tap login across devices, so accessing your favorite sites and apps is a breeze. In that light, the pros of passkeys are clear: simple logins on all your devices without making up a memorable password every time you sign up for something.
The first time people use passkeys, they have this
aha
moment, thinking, ‘This is amazing. I want all my accounts to do this.’
As far as the downsides of using passkeys, Pobletts was clear. “There’s really no reason not to use passkeys, especially when the current bar is passwords. Phishing is the biggest attack against accounts these days, and passkeys are unphishable, so they’ll eliminate that attack vector.” She continued, “On the usability side, your facial recognition, fingerprint reader, and other authentication you’re familiar with make them so easy you don’t even have to think about it like you do passwords. Passkeys give you both of those: security and convenience all in one.”
Why aren’t we all using passkeys already?
I use a password manager full-time and recently started implementing passkeys. I asked Pobletts why adoption has taken a while and how the industry is changing that. “We’re working on a two-sided approach. On the end-user side, it’s all about education and awareness. The first time people use passkeys, they have this aha moment, thinking, ‘This is amazing. I want all my accounts to do this,’ but a lot of people still don’t have that exposure.
“So, we need to keep getting it out there,” Pobletts explained. “Over 200 major websites, including Google, Amazon, and Playstation, are already on the [community-driven, 1Password-hosted] directory of passkey supporters. That’s a great step toward the exposure and education needed to make passkeys common.”
The end goal isn’t to have zero passwords, says Bitwarden’s passkey expert
In our interview, passwordless.dev lead Anders Åberg explains how passkeys will change the future of authentication
Pobletts then moved to the developer side of the issue. “On the other side of that, businesses have work to do in adding support for passkeys. Users can’t just opt into passkeys on their own with any site, so that takes time and effort from the engineering team.” She continued to break down the importance of the login method to consumers and companies. “It’s really about understanding the benefits to your business. Reducing account takeovers, improving security, encouraging user engagement, and streamlining the login process all enhance your product experience and drive support for the company.”
Pobletts’ energy showed through at this point. She mentioned, “It’s been really awesome to see so much improvement in the last year.” She shared, “A lot of technical improvements are still coming, including a lot of work we do with the excellent FIDO Alliance group. A lot of improvements are coming to make passkeys easier for devs to implement and make them even more secure.”
The FIDO Alliance’s single-minded mission
Good things happen when industries collaborate via open working groups to develop compatible, convenient, and effective standards. The FIDO Alliance works to “reduce the world’s reliance on passwords,” essentially existing exclusively to streamline passkey adoption on both sides.
Pobletts works extensively with FIDO, which she explains consists of “various teams working on different capabilities in the consumer, enterprise, and government spaces.” She continued, “All those groups need different things from passkeys. The government, for example, uses them very differently from how the consumer apps do, so the groups within FIDO work to provide those solutions at every level. A number of credential providers, including 1Password, also work together to provide better capabilities for users.
How to access your passwords in Google Chrome
They’re pretty easy to manage when you know where to look
“It’s a great environment for getting together with clients and customers, talking about what they need, and understanding how to make the whole ecosystem better. It’s driven a lot of development. Even outside of passkeys, we announced a working draft of the Credential Exchange Protocol (CXP), which allows encrypted import and export of traditional passwords. Something like that has never existed with passwords, so passkeys are driving us to enhance security across our whole product.”
Where 1Password fits into the passkey revolution
Passage by 1Password, easing industry adoption
I asked Pobletts to elaborate on 1Password’s efforts to increase passkey availability, and she happily obliged. “Passage by 1Password is a tool that enables developers to add passkey authentication to websites easily. Instead of hassling with the programming, they can use this tool.
“Passage is a library they add to their site consisting of just a bit of code. It gives them all the capabilities, and Passage manages all the passkeys behind the scenes, accounting for the complexities of different devices and making sure everything works on all platforms. That lets administrators guide users through the process, then go back and focus on what they do best, while the professionals with FIDO do all the passkey work.”
I was curious if that meant 1Password was guiding users specifically to its password manager above others, but Pobletts was enthusiastically open like Passage by 1Password. “It’s completely provider-agnostic, so it’ll work with 1Password, Google, Apple, or any other passkey provider that pops up.”
The ways passkeys change how you sign up for and log in to services, and how you don’t have to think as hard about it or worry about phishing, make it clear how passkeys are superior.
Security features only work when people use them, which 1Password’s mission drives home. As Pobletts said, “1Password has always been focused on the user experience. We’re ultimately a security tool, but it’s always been about ease of use and convenience. We’ve really focused on translating the familiar password experience to passkeys, and giving everyone a trustworthy platform. Portability has always been big for us, as has making it easy for users to understand the process, like when they should save or autofill a password.”
Just switch to passkeys already
It’s fast, painless, and offers no real downsides
A security professional’s work never ends, with 1Password (which stores your logins using unbreakable AES-GCM-256 encryption) actively working with Microsoft’s API to integrate passkeys with Windows 11. As Pobletts pointed out, “We’re putting a lot of time and effort into making sure our passkey support is the best and works seamlessly on every platform. We’re committed to continuing that in 2025 and excited to share new technical and user experience developments next year.”
Services like 1Password and technology like passkeys benefit more than just power users and the average Android Police reader. When asked where a password manager ranks in the hierarchy of security-critical end-user decisions (like using an ad blocker or anonymous VPN), Pobletts pulled no punches. “A password manager is number one, mostly because you get that ease of use.” Her example should ring true with tech-savvy readers: “My mom’s even switching to 1Password for Christmas this year,” she shared, excitedly pointing out how even the less tech-inclined users in our lives can benefit from 1Password’s and FIDO’s ongoing work.
Switch to passkeys for a fast and easy security upgrade
Pobletts summed up why and how to convince yourself, your friends, and your family to switch to passkeys and a credential management service without digging into the high-security USB keys required by some high-profile professionals. “Our goal is to help you be more productive by enhancing security and improving convenience. Whether you use 1Password or not, I encourage everyone to add at least one passkey to a password manager and see what the experience is like. The ways it changes how you sign up for and log in to popular services, and how you don’t have to think as hard about it or worry about phishing, make it clear how passkeys are superior.”
