Ask HN: 1Password passkeys don't require authentication
8 points by burnrate 1189 days ago
I'm a little confused how 1Password's demo is registering a passkey without asking for authentication (like YubiKey or Touch ID).

For context, 1Password recently announced they were trying to support passkeys for password-less login and created a demo site for users to create passkeys with 1Password: https://www.future.1password.com/passkeys/

I'm a Mac user, using Chrome, and I was trying out the demo and I'm really confused how they are able to register a passkey with the user without making an authentication request for the user (like Touch ID, YubiKey, etc.). In the demo, when you authenticate, an overlay appears in the top right-hand corner and registers you in automatically if you have the 1Password extension on your computer.

Additionally, when I navigate to my Chrome passkeys (chrome://settings/passkeys), none are registered there with the rpId of the demo website.

For safety / security reasons, I'd like to better understand how they're stored if they're not stored on the device's secure environment. If anyone has any insights on this, I would really appreciate it.

1 comment

My guess is that it uses your already logged in 1Password authentication to validate.

As they state: "All you need is a 1Password account and the latest version of our desktop browser extension for Chrome." - 1Password account being key here.