I use Enpass right now with passkeys and have no issues.

I was just now able to sign in to github.com with Vanadium using a passkey, saved in 1Password, without issues. I had to enable chrome://flags/#web-authentication-android-credential-management

Enabling that flag seems to break or disable prompts (they don't show up) for physical security keys, like yubikeys.

    Relaks I just tried this and I have had no luck, no pop up to select a passkey or save a passkey shows up. I understand that this is still relatively new but, it still is frustrating.

    Relaks I activated that flag + 3 party, at least in Google I can choose about password + yubikey or use passkey. Can talk much about other websites but it's definitely supported in the is.

      Tozu

      Tozu I activated that flag + 3 party, at least in Google

      Does this feature require Google Services to be installed?

      • Tozu replied to this.

        Tozu
        Testing on github.com and accounts.google.com, with the flag(s) enabled I do get the option for signing in with password+yubikey, but pressing the option for yubikey does not actually show the yubikey prompt. Does it work for you?

        • Tozu replied to this.

          GoldenDuck1 indeed, at least with enpass passkeys work only with active Google play service!
          However i striped all permission from it and have no other google service active where it could steal permissions from and passkeys still work

            Relaks did not test it before as i use passkeys now (if supported). You are right it also get into an error. Somehow I managed to get the prompt once while playing around with google services but couldn't reproduce it.

            Tozu So its not natively supported in Graphene OS by default, you have to install Play Services...
            The Graphene OS developers should make a Passkey implementation so people shouldn't have to install Play Services.

            Relaks no it does not. I just enabled via your flag using 1pw and it keeps giving the "something went wrong" error.
            Tested on Vanadium, Chrome Canary, and Vivaldi

            Too late to edit last post.
            IT DOES WORK VIA 1PASSWORD

            Give me some time to run through all the steps because it is very very janky but I will come back here with a step-by-step process. I'm currently facing issues with attaching it to Google but I was able to get it to attach to passkeys.io just fine

              N3rdTek ok so I've got good news, bad news, and strange AF news.
              Let's start with the strange; correct me if I'm wrong but passkeys requires Android 14, correct? I have a few devices on hand due to being a tech enthusiast, one of which is a Galaxy S10. It only supports Android 12 because "Reasons" yet feels faster than my Pixel 7.... at times, but rarely ever worse.

              However, not only can I create & sign into passkeys.io with a passkey, after enabling the chrome flag , I can do it with my Google account also. It doesn't seem to even respect my Autofill choice of 1Passwors having disabled Google as my Autofill choice in settings. Yet still detects, authenticates, and signs me into my Google account using Google password manager.
              And to top it off? When I initially tested passkeys.io I wasn't aware I was doing from my S10 initially. When I went to test on my pixel, it asked if I wanted to sign in using my saved passkey from the S10....Stange AF right?

              Now the bad; my pixel 7 running GoS will not work for any of my Google accounts. I've tried just about everything;

              • setting 1pw as autofill
              • Setting Google as autofill
              • Trying regular ol chrome browser
              • Trying Chrome Canary
              • Trying any other browser
              • Trying a brand new never used before browser (Vivaldi)
              • Completely removing the Google account from device then trying

              Feel free to prove me wrong I spent upwards of last hour testing.

              And the good?
              It works for passkey.io, it works for GitHub, I'm getting ready to try a couple more but general consensus so far seems to concur our devices will support passkeys to almost everything but Google.
              Provided that you;

              • enable the chrome flag as mentioned earlier chrome://flags/#web-authentication-android-credential-management
              • set your password manager as autofill
              • then attempt to register your passkey/device

              This is useful to know but man, what a janky as hell future to get rid of passwords amirite?

                N3rdTek passkeys requires Android 14, correct?

                Only Google's passkey support for third-party services requires A14. Google's first-party implementation requires merely A9: https://support.google.com/accounts/answer/13548313?hl=en
                But that won't work on GOS.

                N3rdTek This is useful to know but man, what a janky as hell future to get rid of passwords amirite?

                The support for this in Chromium/Chrome is still experimental. That's why you have to enable the experimental flag(s)... Support allegedly will arrive later this year. I don't expect anyone to think that most people would spend an hour setting up a, for the time being, clunky feature. I'm guessing that's why 1Password and the like don't want to say they officially support it yet, even though it somewhat works.

                Personally I'm sticking to FIDO2 security keys for the time being. They just work.

                  Relaks o
                  Out the browsers I tried, for whatever reason Vivaldi felt the most stable & worked the most consistently for 1Password if that helps you or anyone else that may read this.

                  Previously was using mostly vanadium and brave nightly. No real reason why nightly other than cuz I just like purple

                  18 days later

                  Passkey sign-in with 1Password no longer seems to work in Vanadium (although it does still work in Brave): I'm prompted to select the correct passkey, but when I press Continue it just goes in a loop, asking me to verify the passkey again.
                  Google recently changed the options in the flag, so you now have to select "Enabled for Google Password Manager and 3rd party passkeys", and enable both 1Password and Google Password Manager as providers in Android's settings in order for it to detect passkeys saved in 1Password.

                  I'm still annoyed at Google for not implementing CTAP2 within Play Services, which makes using Yubikey as a passkey on several sites, such as Microsoft, impossible. But that's a different matter.

                  24 days later

                  It seems like third-party passkey sign-in and registering is now broken in Vanadium (tested with 1Password). That is, passkeys are correctly recognized and can be selected, but websites I'm trying to sign in to throws an authentication error after the passkey is selected.

                  Both sign-in and registering with passkeys work fine in Brave (tested with github.com, Brave Nightly). It also does not block the security key prompts when Yubikey is registered as MFA (tested with proton.me, slapp om Brave Nightly).

                  The feature is still experimental, it seems, so I think it's too early to file a bug report for Vanadium.

                  11 days later

                  Note that 1Password appears to recently have restricted browser passkey support to only accept them to be used within supported browsers. Vanadium is not a supported browser by 1Password, so passkeys will refuse to fill in Vanadium.

                    Relaks I've been a faithful 1password user for about 3 years now, but in all honesty I'm getting quite fed up with it because since I've been trying bit warden that thing works everywhere and I mean literally everywhere. But it doesn't have an accessibility service. So how the hell is 1password dropping the ball in so many areas such as regular autofill and now pass keys when here comes bit warden just strolling around and doing everything with ease making it look simple?

                      N3rdTek But it doesn't have an accessibility service.

                      From a security perspective, it's not recommended to to configure a password manager as an accessibility service. The auto-fill service exists and is the proper way to use a password manager on GrapheneOS.