Yubikey Neo support for 1Password?

Now that YubiKey has created their SDK for working with the Yubikey Neo on iOS 11 (seen here), will AgileBits be adding support?



Comments

  • I saw the same article this morning as @JHerig and am wondering the same. Any anticipated timeline for NFC support with the 1password iOS app? Thanks!

  • Ben AWS Team

    Team Member

    No definite plans that I’m aware of at this point, but definitely cool technology and we’ll be keeping an eye on it.

    Ben

  • Ben:

    One of the things you can do with the Yubikey is attach a PIN to the device (or, in reality, change the default PIN) so that you can do a more traditional 2FA authentication. With the very strong passwords that the subscription service requires, this would add both convenience and added security to the vaults.

    The Yubikey (or one of the authorized keys, remember, you want a backup) would be presented to the machine via USB, touched to activate, and then a PIN entered before the vault could be unlocked. Something similar would happen on the mobile side as well.

    I’m less concerned about the mobile side, but much more concerned about the desktop side—especially since my machine locks itself multiple times throughout the day. Add in the very lengthy password and there is some productivity lost every day. To the point where I am preferring the Apple keychain over 1Password.

    Also, just sayin, LastPass implemented it right out of the gate :)

  • brenty

    Team Member

    Thanks for chiming in! As Ben mentioned, it's something we can consider adding in the future. Though, notably, that wouldn't work anyway unless you're using a 1Password.com account. And we already have two-factor authentication there.

    However, it's impossible to have a second when there is no authentication, as with local vaults. And it sounds like you're not talking about using YubiKey as a second factor anyway, if it's in lieu of entering your Master Password. That would be single factor. But thank you for letting us know that you'd specifically like us to add support for YubiKey to 1Password. Cheers! :)

  • Another vote for Yubikey Neo support. Would be a nice addition for membership users.

  • Ben AWS Team

    Team Member

    Thanks for the feedback @DaveFL. :)

    Ben

  • Please add Yubikey for 2FA.

  • Ben AWS Team

    Team Member

    Thanks for the suggestion, @kenkho.

    Ben

  • Another vote for Yubikey!

  • Ben AWS Team

    Team Member

    Thanks for sharing your input, @seanpowell.

    Ben

  • Another vote :+1:

  • Ben AWS Team

    Team Member

    Thanks, prime.

    Ben

  • danielhf
    edited August 2018

    +1

    This is huge and seems pretty obvious for a security product. Additionally, the fact that the only 2FA option for 1Password utilizes a mobile app (Google Authenticator, Authy, etc.) with a QR-code-based one-time password is far from ideal. If I am a user of 1Password and I'm taking advantage of all its features, I will not have one of the mentioned authenticator apps on my phone—I will be using 1Password to handle my 2FA QR-code-based OTPs. If that is the case, I think the issue is pretty obvious.

    I'd like to see Yubikey NEO added as an option for 2FA in addition to SMS, since I don't want to have to keep Authy/Google Authenticator on my iPhone as just an app to manage 2FA for 1Password.

    I've used 1Password personally for years, but Lastpass at my employers. I love that 1Password has the ability to manage OTPs (unlike Lastpass), but Lastpass's support for Yubikey NEO has me on the fence. I'd love to see this taken care of 😉

  • Ben AWS Team

    Team Member
    edited August 2018

    Thanks for your perspective on this @danielhf. Obviously we need to carefully evaluate any features that allow someone access to a 1Password account, but we are looking into how/if YubiKey's offering might fit into the 1Password ecosystem.

    Ben

  • brenty

    Team Member

    @danielhf: U2F is being considered because it offers a security benefit. We're not adding SMS.

  • Thank you @Ben and @brenty for the prompt responses.

    I understand why you wouldn't want SMS from a security perspective. My point in mentioning SMS was specifically that it was a 2FA option that didn't require an application for which 1Password was already satisfying the need. I'd love to see U2F and Yubikey support.

  • Ben AWS Team

    Team Member

    :+1: :)

    Ben

  • SMS is the worst there is. It shouldn’t be used anymore at all for a 2nd factor, but sadly banks still use this.

  • brenty

    Team Member

    I'd say email is worse, but it's a close call. ;)

  • Another vote for Yubikey Neo support for 1Password iOS.

    As an aside, I love that Agilebits stays on the forefront but not the bleeding edge of security issues, and for your well-reasoned explanations of why you support and use various technologies or standards. I wish every vendor I did business with would do likewise. Keep up the great work :)

  • Ben AWS Team

    Team Member

    Thanks for the kind words and feedback, @nightyear. :)

    Ben

  • Another vote for Yubikey Neo support for 1Password iOS.

    Best regards
    Tom

  • Ben AWS Team

    Team Member

    :+1:

    Ben

  • +1 for Yubikey Neo for Mac and iOS. I really like 1Password* and wouldn't change it for anything, but it doesn't truly have 2 factors as I understand it to be defined (something you know and something you have).

    *(...except for some v7 UI topics)

  • Ben AWS Team

    Team Member

    Thanks @JamesHenderson. We do have support for Duo at some membership levels which may offer a more true “2FA” experience. We will continue to evaluate how Yubikey may fit in to the equation, though.

    Ben

  • @Ben cheers. The Duo is just for business use though, isn't it?

  • Ben AWS Team

    Team Member

    1Password Teams and 1Password Business, yes.

    Ben

  • brenty

    Team Member

    "it doesn't truly have 2 factors as I understand it to be defined (something you know and something you have)."

    @JamesHenderson: That's not inherently true. You're welcome to use a dedicated device for two-factor authentication. An old phone will work, even without any internet access. :)

  • @brenty ...well blow me over and call me windswept. When did you sneak that in?

  • Oh hang on; it's only for the first use on a new device though. ...so better than I thought but still not "proper" 2 factor.
