Windows 11 users just got a more convenient way to store passkeys – here’s how it works

Follow ZDNET: Add us as a preferred source on Google.

ZDNET’s key takeaways

• A new Windows API allows third-party apps to take over passkey management.
• 1Password is the first password manager to utilize this feature.
• To enable this option, you need to install the latest release of 1Password.

No doubt about it: The technology behind passkeys is confusing. It involves cryptographic keys and authenticators and standards with arcane names like FIDO2 and WebAuthn. It’s no wonder your eyes glaze over.

But here’s a little secret: You don’t need to know all those details. You can reap the security benefit from passkeys by following one simple rule: If a website or app offers you the chance to create a passkey, just say yes. Use your face or your fingerprint or a PIN to prove your identity, and you’re good to go. By following that rule, I’ve amassed a diverse collection of 30 or so passkeys that significantly reduce the friction of signing into websites and online services. 

Passkeys made simpler

The experience isn’t dead simple yet, but it’s usually simple enough. In fact, the most confusing part is deciding where to save the passkey. Because Windows Hello is set up on my PC, it wants to manage that passkey, and I have to push it aside so that I can use the passkey saved in my preferred password manager, 1Password.

Also: How Microsoft finally makes good on its syncable passkey promise – and what’s coming next

That’s all about to get easier, as 1Password takes advantage of a new native passkeys plugin API to integrate its credential management with Windows 11. After enabling the integration, 1Password takes over from Windows as credential manager; you can create passkeys on any device, then sync and manage them with 1Password, using Windows Hello as the authentication mechanism.

How it works

This feature was available for testing last summer, but it required a Windows Insider preview release from the Dev channel, as well as a beta release of the 1Password app for Windows.

Now, anyone running the latest version of Windows 11 and the newly released MSIX version of the 1Password app can enable system-level passkey integration. (MSIX is a packaging format for Windows that uses containerization to keep apps isolated from the rest of the system. MSIX apps can read the registry and file system, but they write their own files and registry entries to a virtualized location, making it easy to clean up after resetting or uninstalling the app.)

Also: How passkeys work: The complete guide to your inevitable passwordless future

With those prerequisites out of the way, 1Password should offer to enable the passkey feature in your desktop app. You can also manually enable this feature by going to Settings > Autofill in the 1Password app and selecting the “Show passkey suggestions” setting.

The final step is to set 1Password as the system authenticator in Windows. That option is available in Settings > Accounts > Passkeys > Advanced options, where you can choose any third-party app that supports the passkey plugin API. When i enabled the Autofill option in the 1Password app, it automatically opened settings to the correct page in Windows Settings, and all I had to do was flip the 1Password toggle to the On position. 

After making that change, you’ll see a new prompt when you create a passkey. Windows will use your preferred credential manager instead of offering to save the passkey in Windows. Windows Hello handles the details of authenticating you to complete the process.

What’s next?

1Password is the first third-party provider to take advantage of this integration, but other password manager apps should follow closely behind. If you use Bitwarden or Dashlane, check for announcements on when those apps will add passkey plugin support. Windows is adding its own passkey sync mechanism as well, using the Microsoft Password Manager in Edge, so you’ll have that as an option if you’d rather not use a third-party tool. 

Also: The best password managers: Expert tested

And here’s a crucial note: As currently implemented, passkeys don’t automatically replace your existing credentials. Instead, they work as a more convenient and secure alternative to entering a username and password. A handful of sites and services currently offer fully passwordless options — you can go completely passwordless with a Microsoft account, for example. But those options are usually for advanced users, and they require extra care to ensure you have backup recovery methods and don’t accidentally lock yourself out of the account with no way back in.

I’ve installed the new 1Password app and enabled the integration on my Surface Pro laptop. The process was refreshingly simple; if you’re a 1Password user, I highly recommend it.