Many devices and web browsers now support passkeys, which are intended as a more secure alternative to traditional passwords. One of the best password managers is now testing passkey support, side-stepping the problem of master passwords.
Most password managers store all your data with a single master password, but they work best as long and unique passwords — the types of passwords most of us are bad at memorizing. 1Password, our current top pick for the best password manager, is now testing the ability to use a cross-platform passkey for authentication and vault access instead of a master password.
1Password said in a blog post, “Unlike user-created passwords, passkeys are strong and unique by default. They’re generated and stored on your devices, and they’re never shared with our cloud service. Passkeys are also resistant to phishing, and they have a full 256 bits of entropy to prevent cracking — providing even more protection than our Secret Key. They’re safeguarded by biometrics and hardware-level security. And we’re building them to be portable between all your devices and platforms.”
Master passwords are the main line of defense from someone obtaining all data in a password manager. For example, LastPass suffered multiple security breaches last year, culminating in hackers obtaining a backup of customer vault data — with the only remaining protection being the master password encryption. Passkeys make it even more difficult for hackers to access your data, since they’re not shared with 1Password (or wherever else you use passkeys), and they’re not a text string you can accidentally enter in a phishing page.
1Password says the ability to switch accounts to a passkey is “starting this summer.”
Source: 1Password