Not able to perform initial sign in to iPadOS app with hardware second factor authentication present

thorre
Community Member
edited February 2020 in iOS

Hello everyone
Recently I purchased a Yubikey 5 NFC only to further secure my 1Password account. I followed the instructions and have the Yubikey and an Authenticator App associated with my account now.

I am able to use the Yubikey when enrolling my iPhone via NFC. So far so good :-)

When I try to enroll my iPad I get the following error message: Your administrator requires two-factor authentication using a security key for everyone on your team. This device doesn’t work with any of the supported security keys. Sign in on another device.

I respect that the Yubikey 5 NFC is not supported on my iPad (despite that it works just fine when I connect it, via an adapter, to the USB-C port). But why am I not allowed to authenticate with the Authenticator App that also is in my account?

I have managed to work around this by doing the following:

  • Sign in to https://my.1password.eu
  • Remove the Yubikey 5 NFC, now only the Authenticator App is present
  • Now I am able to use the code provided from the Authenticator App when enrolling my iPad

I believe that this is a bug and that the iPad app should allow me to choose which second factor authentication mechanism I want to use if multiple alternatives are available in my account.

I have a Family subscription and use a 12.9” iPad PRO with iPadOS 13.3.1 and 1Password app 7.4.5

With best regards
thorre


1Password Version: 7.4.5
Extension Version: Not Provided
OS Version: iPadOS 13.3.1
Sync Type: 1Password Family Account

Comments

  • Hi @thorre

    I apologize for the delayed reply. 1Password for iOS can work with a Yubikey 5 NFC, but only over NFC. I don't believe iPads have NFC capabilities. The API we're using from Yubikey doesn't yet support U2F through the USB-C port on iOS. In this case you should've been able to authenticate with TOTP via your authenticator app. If you deauthorize the iPad from your 1Password account and then relaunch the 1Password for iOS app, are you able to get the "your administrator requires" error message to appear again? If so, could you please post a screenshot of that message here? It seems that is being shown incorrectly and I'd like to file an issue with our development team about that.

    Thank you.

    Ben

  • thorre
    Community Member

    Hello Ben
    As long as the Yubikey is present in my 1Password family account I get this message when enrolling the 1Password app on my iPad:

    As soon as I remove the Yubikey from the account I am able to authenticate with the Authenticator App.

    When I replicate this enrollment procedure I open the 1Password app, go to Settings > Advanced > Erase All 1Password Data
    Then I close the app and try to re-enroll the app again.

    You are correct that the iPad Pro gen 3 does not have NFC

  • Ben
    edited February 2020

    Thanks @thorre. In speaking with development it seems that they were already aware of this issue, and better yet have already written code to address it. Hopefully that'll ship in an update soon. You shouldn't be seeing that message with a 1Password Families account. But it is possible for 1Password Business accounts to require a hardware security key (disallowing TOTP), and in those configurations it will be impossible to use a USB-C iPad.

    Ben

  • kebel87
    Community Member

    Doesn’t iPad Pro 2018 have NFC?

  • @kebel87

    I don't see anything about NFC in Apple's tech specs for it:

    iPad Pro - Technical Specifications - Apple

    But I'd be happy to be proven wrong. :)

    Ben

  • kebel87
    Community Member

    @Ben You’re right, I guess I was mistaken :)

  • :+1:

    Ben

This discussion has been closed.