sec: Passkeys are everywhere how do I add to 1Password and Apple Keychain

The new passkey thing is pretty confusing, suddenly applications are asking for passkeys, what’s the right way to do this? Here I’m assuming you have two useful tools, 1Password which allows cross-client passkeys, so you do them once and it appears across all your machines. The main ones I’m using them for are Google, GitHub, Amazon, Microsoft 365,

Google Passkey strangness

The other place is Apple Keychain which works across all Apple devices, but how do you do it, well here is how for each major passkey capable login:

  1. Google Workspace Enable Passkeys. The administrator needs to go to Security > Passwordless (Beta) -> Allow users to skip passwords at sign-in by using passkeys to enable it.
  2. Google and Chrome. Go to this link and click, make sure you have the 1Password and Apple Keychain extensions added to Chrome or to Apple. For Chrome, when you click on “Create Passkey”, you will see which passkeys already exist. If you have them both in 1Password and Apple you are done. If not, then click on “Create a passkey”, you will see 1Password come up and it will ask you into which account should you put the Passkey, look for the 1Password entry and note if you have multiple Vaults with duplicates, once you put it into an entry, you need to duplicate it for others. Once you do that, do Create Passkey again and press Escape when you get to 1Password, then you will see the Apple notifications.
  3. Google and Apple Safari. This works differently, you go to the same Google Get a Passkey and create the 1Password one as we did before. But to create an Apple one, you click to create and you will see the 1Password window come up. Click on the upper right key icon there and you will get an Apple Touch login and this will create a new Passkey. The name is not very informative, so edit the passkey as “Apple Keychain”
  4. When 1Password or Apple Keychain doesn’t come up, choose another device. The behavior of this passkeys stuff is pretty strange. Sometimes 1Password comes up and sometimes only the Apple Keychain comes up, if so then you need to choose “Another Device” and then on that phone, select 1Password to add that passkey.

Passkeys can take seconds to come up

One interesting issue is that sometimes it looks like a Passkey request is hanging at least on Google just wait, I suspect on Chrome, it is 1Password and iCloud Keychain fighting

Amazon passkeys easier

The Amazon passkeys are also buried in:

  1. In Your Account, select Login & security.
  2. Select Set up beside Passkeys.
  3. Select Set up.

And again like Google, if you add it, then 1Password comes up if it’s active, to get to Apple Keychain, select Other device and then use your phone to read the OCR and then add it to the iCloud keychain.

Note that Amazon works better so that you get an Amazon.com dialog that lets you put it directly into iCloud Keychain or you can do the OCR trick. I didn’t realize this but Brave also supports passkey storage as does Firefox, but I stick with 1Password because it is end-to-end and Apple because they seem to take privacy seriously

Github passkeys

YOu need to setup the passkeys in Github and again it’s burried in Settings

  1. In the “Access” section of the sidebar, click  Password and authentication.
  2. Under “Passkeys”, click Add a passkey.
  3. If prompted, authenticate with your password, or use another existing authentication method.
  4. Under “Configure passwordless authentication”, review the prompt, then click Add passkey.
  5. At the prompt, follow the steps outlined by the passkey provider.
  6. On the next page, review the information confirming that a passkey was successfully registered, then click Done.

This let’s you setup both 1Password and also iCloud Keychain

2 responses to “sec: Passkeys are everywhere how do I add to 1Password and Apple Keychain”

  1. Chancerubbage Avatar

    @rich @richtong

    It seems to also work (or not work) in nested doll fashion. Passkeys for your 1Password. Co-existing, possibly conflicting with old methods. I’m fine with trusted biometric sign in.

    1. rich Avatar

      Yes me too. I used biometrics when in can but many sites don’t support yet.

I’m Rich & Co.

Welcome to Tongfamily, our cozy corner of the internet dedicated to all things technology and interesting. Here, we invite you to join us on a journey of tips, tricks, and traps. Let’s get geeky!

Let’s connect

Recent posts

Loading Mastodon feed…