Any plans to add support for yubikeys via NFC?

2»

Comments

  • BenBen AWS Team

    Team Member

    @davdroman

    What makes sense in one context doesn't necessarily make sense in another. 1Password is primarily built around protecting your data with encryption opposed to authentication. This is a form of the latter, and adds the most benefit to services that rely on strong authentication methods for protecting your account. That isn't to say that there may not be any merit to it, and indeed there may be yet, but at this point we haven't committed to it. Adding something to 1Password simply because a competitor has done so seems like a race to the bottom. We'd rather make well informed well reasoned decisions about the direction we're headed. We may add this, but we want to make sure there is a solid benefit to doing so. Beyond the question of what benefit this would actually add to 1Password, assuming the benefit exists, we still need to weigh it against other demands. We only have limited development resources, and so we need to be sure we're using them to create the most benefit for the most customers.

    Thanks.

    Ben

  • EndarethEndareth
    edited January 29

    Surely the primary security for Teams/Family accounts has got to be around the authentication, which is where increasing the ease of use of a NFC Yubikey would be a big plus for the average user. Especially with your push towards those subscription based services! It’s hard enough getting all our users running 1Password as it is, and enforcing 2FA as well just makes it a bit harder again. Anything that can make it easier to keep users secure has got to be worthy of serious consideration.

  • BenBen AWS Team

    Team Member

    @Endareth

    Surely the primary security for Teams/Family accounts has got to be around the authentication

    That's not the case, which is why I say what makes sense for one system may not make sense for another. 1Password relies primarily on encryption, rather than authentication for your data's security. Yubikeys would arguably help the latter, not the former.

    Ben

  • LastPass does this, 1Password should too. I hope we don’t see 1P falling behind the competition for too long on this 🙂

  • BenBen AWS Team

    Team Member

    @gandalf_saxe

    I mentioned above, but in case you missed it:

    Adding something to 1Password simply because a competitor has done so seems like a race to the bottom. We'd rather make well informed well reasoned decisions about the direction we're headed. We may add this, but we want to make sure there is a solid benefit to doing so.

    It is something we're evaluating, to see what the benefit might be to 1Password's security model, but we're not going to add it just because LastPass did. :)

    Ben

  • edited February 3

    @Ben

    That’s fair 🙂 let me just note that you have already deemed it beneficial enough for your security model that it’s implemented for desktop operating systems. All I’m asking is for platform parity so I don’t get stuck in a situation only with my phone and Yubikey and no way to access my passwords.

  • BenBen AWS Team

    Team Member
    edited February 3

    @gandalf_saxe

    That’s fair 🙂 let me just note that you have already deemed it beneficial enough for your security model that it’s implemented for desktop operating systems. All I’m asking is for platform parity so I don’t get stuck in a situation only with my phone and Yubikey and no way to access my passwords.

    Ah, so that is actually a different thing. We support using Yubikey to generate TOTP codes for 1Password accounts. This uses Yubikey's Authenticator app, which I believe is not available on iOS (*). To the best of my knowledge Yubikey doesn't support generating TOTP codes on iOS (even via NFC). Their devices just don't do that, at least not yet.

    This thread is about U2F over NFC, which is a different authentication technology from TOTP. It may be that U2F would be a suitable substitute / alternative for 1Password accounts, but we don't know that yet. TOTP is the much more prevalent technology.

    Ben

    (*) From the guide:

    Yubico Authenticator requires Mac, Windows, Android, or Linux. To sign in to your 1Password account on an iOS device, use a different authenticator app.

  • @Ben

    Ah ok, fair enough. Sounds like it's up to Yubikey to make an iOS authenticator app. That was my main request :)

    However I'd still love to see 1Password support Yubikey on iOS via NFC :chuffed:
    As I see it, it's allows us to add another true multi-factor into the mix, in the unlikely case that one's 1Password account is compromised / somehow accessed.

  • BenBen AWS Team

    Team Member

    Thanks for the feedback. :)

    Ben

  • +2 (wife agrees lol) on Yubikey NFC support for iOS

  • BenBen AWS Team

    Team Member

    :+1:

    Ben

2»

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file