Passkeys try two

Yesterday I tried using passkeys with Google and had a bad experience. I’ve since found a couple of sources of the problems and worked around them. I will reiterate it’s still all a bad experience; in no way is this product ready for ordinary users to rely on.

Some of my passkey problems may be specific to logging in to Google services. There seems to be something wrong specifically with their server-side authentication implementation, maybe related to the “new login page” they recently launched. I’m having a better experience with other sites. With both GitHub and Adobe I’m able to create a passkey, save it, and use it to log in. Sometimes. Chrome seems to be sending passkey requests to the wrong device.

Some of my problems might also be related to 1Password. It’s in the middle, between the authenticating site and my browser. But I really want passkey requests to go through to Google’s passkey agent on my phone (at least until 1Password works on Android). See below for notes on 1Password; I’ve disabled its passkey support in my desktop browser for now.

The main problem I’ve encountered is which agent I store the passkey on. I have at least four possibilities: 1Password, Windows Hello (on my desktop), my Pixel 8 Android phone, and my Samsung Android tablet. Those latter two are the same data store, with passkeys synced, but separate physical devices. I want to use the Pixel 8 because it’s the most likely to be accessible to me, at least until 1Password works reliably on Android. But it’s seldom the device I’m logging in on, so I’m relying on Chrome / Windows delegation to a nearby device.

Saving a passkey

This is what saving an Adobe passkey looks like. Before I turned off 1Password, Chrome on Windows wanted me to save the passkey in 1Password; that’s the screenshot above left. If I click the little YubiKey-looking thing at the top then I get brought to a Windows dialog in the middle: this is asking me to save it to Windows Hello on my desktop, as authenticated with a PIN. If I then click “Use another device” I get the option of using my Pixel 8. That works; the Pixel gets a message (Bluetooth? Internet?), pops up a screen, and I can save the passkey.

Logging in with a passkey

Logging in worked for me, at least once. But as I tried to document this more thoroughly it failed. I finally turned off 1Password’s recommending passkeys in the browser and that seems to have simplified things enough that they work reliably.

That slideshow is the easy seven-step process that’s working for me to log in. I believe steps 1 and 2 are Adobe’s website, 3, 4, and 5 are all Chrome on desktop, and steps 6 and 7 are Windows. Not depicted: the extra steps for the UI on the phone to actually use the passkey.

Things go really wrong between steps 3 and 4. I say “Use a passkey from Pixel 8” and then the browser sends the request to SM-X800 instead. That’s my Samsung tablet. WTF? Google knows I’m logged in to two Android devices and syncs passkeys to both of them. So in theory either device would work, but I have the phone with me always, not the tablet. And it’s wacky that I am prompted for “Pixel 8” and it sends it to “SM-X800” instead. The passkey dialog sometimes shows up on the tablet, but when I’ve tried using it, it fails (now it’s not even showing up). I can’t find any way to tell Google to use my Pixel 8 exclusively, or preferentially. I asked on Reddit.

So instead of step 4 I do steps 5 and 6, the awkward way to get Chrome/Windows to use another device for a passkey instead of the default. Note the UI stops being Chrome and starts being Windows at step 6. The good news is this does work; the passkey dialog shows up on the Pixel 8, I approve, and I’m logged in.

Mind you, this 7-step process is the good case; I have it working reliably and repeatedly. But only after disabling 1Password entirely and only after going through contortions to work around some problem with using the wrong passkey device. Still not sure how that is happening.

Update: really helpful response on Mastodon from a Google engineer saying at least some of what I’m encountering with multiple devices could be a bug in Chrome.

1Password

I’ve only gotten this far by disabling 1Password’s passkey support entirely. It looks like this:

I’m sympathetic to 1Password; it must be very hard to preserve your business when dependent on the platforms of monopolists. I want them to be my passkey store. But until 1Password works on Android I can’t. And the Chrome desktop browser integration on Windows seems to be causing me problems. Not sure if it’s outright bugs or if it’s just that some things are simpler without it.

Anyway, here’s the 1Password extension preferences and its confusing array of options for exactly where it will intervene. As you can see, I’ve disabled the most obvious passkey part of it. I still see some evidence it’s in the middle sometimes though. I’m really not sure. Some of my testing has been with the extension entirely disabled in Chrome; I’m reasonably sure it’s not involved in those cases.