I can’t wait for Yubico support for the desktop.

So I am starting my own business with a friend, but he has a flip phone.... so using an Authentication App is out of the question. I seriously can’t wait for support for yubico and other security keys for the desk top app for Windows (and Mac).


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hey @prime

    Technically speaking, you can already use a YubiKey for 1Password on Windows already, though you do need to unlock with your master password before you can use Yubikey via Windows Hello.

    Another tidbit on that though, Yubikey + Windows Hello integration only works with local Windows accounts, not Microsoft Accounts.

    We'd like to enable the support for Windows Hello on the first start but it requires more research to do it securely because we have to store some kind of key on disk securely. Right now, we only use a one-time scrambled version of your key in memory that is reset when you terminate 1Password; which is why you have to unlock with your master password on every reboot.

    It is something we'd like to offer, but I couldn't comment more specifically than that at this point. :)

  • While this is very much a guess, @Naxterra, as I most certainly have no special insight into how this works, my understanding from some past research was that Microsoft itself may actually be expanding security key support down the road. If I recall, Yubico had their own app for Hello + YubiKey a while back that ended up retired when the (admittedly limited) native support was later added and the expectation was that this would improve over time. How much it will improve and when is a toss, of course, but it at least sounded to me like Yubico themselves adding those improvements wasn't the only option so there may be hope outside of them too. :chuffed:

  • prime
    prime
    Community Member

    This is all good, but it doesn’t protect the actual 1Password account... :lol: i bet it’s soon, and once it happens, I’ll go all Yubico on it :)

  • You're absolutely right, @prime – Hello + YubiKey is more about ease of unlocking than additional protections of any sort. You might argue it's a bit better than typing your Master Password when thinking about certain types of attacks, but ultimately these are two different things protecting against different threats.

    Oh, and it's worth mentioning that I believe Authy has apps for Mac and Windows so TOTP might still be an option for your friend. I instinctively feel like there might be some security implications of having that authenticator app on the same devices as your local data so whether or not that's something y'all are comfortable with is worth a ponder, but it's something to consider all the same. If the same device issue worries you, I'd bet our security team could share some thoughts as well. :chuffed:

This discussion has been closed.