I've been reading the many (many!) requests for 2FA, and as an AVID 1Password user and security practitioner, I'd like to cast my vote too, as I too would like to see 2FA integration into 1Pass if only to protect my data further.
I work at RSA, in a unit responsible for mitigating the threats of phishing and malware attacks. Let me tell you something -- it's only getting worse. The bad guys are becoming much better at stealing our data; and infecting machines with a piece of data-stealing-malware is as simple as browsing to a website... We work under the assumption that our computers are infected. User awareness only goes so far.
With that in mind, each time I enter my master password into 1Password on my PC, my heart skips a beat. What if there is malware on my machine grabbing that password?... Even if I change my password on a weekly/monthly basis, it'll just grab it again... Passwords are dying (if not dead already). There's a reason Google, Dropbox and others are moving to 2FA.
So I join the crowd in requesting 2FA integration to secure our LIVES (I mean I keep EVERYTHING on 1Pass). This can be done in many ways -- a tokencode being one of them (a la Google Authenticator); Asking for a concurrent login from another registered device is another.
We live in interesting times, and we need to think in un-traditional ways about how to protect our data.
Thanks for listening!
Thanks for taking the time to contact us. I split your post from that other thread since it was about adding an RFC2336 compatible generator to 1Password so you could use the 1Password app with your Google account(s) and other RFC4226 compatible sites. It was not a request for multifactor authentication (MFA) in 1Password itself which is what it sounds like you are requesting.
I'd like to cast my vote too, as I too would like to see 2FA integration into 1Pass if only to protect my data further.
I'd like to cast my vote too, as I too would like to see 2FA integration into 1Pass if only to protect my data further.
Adding a TOTP generator to 1Password would not affect your 1Password data in any way, so that's what leads me to believe you are requesting MFA for 1Password itself rather than a TOTP generator for use with other sites. Please correct me if I am mistaken. Presuming you are requesting MFA in 1Password itself, please indulge me as I explain why typical MFA doesn't actually apply to 1Password.
Multistep authentication has clear and obvious security benefits. So it is more than natural for people to ask why 1Password doesn’t employ it. We're planning to write a more detailed explanation of our developing thoughts on it, but let's discuss the difference between authentication and decryption.
When you connect to some service, like Dropbox, you or your system has to prove that it really has the rights to log in as you. That process is called “authentication”. It is the process of proving to the Dropbox servers in this case that you are really you. You can do this through a username and password; you can do this through a username, password, and code sent to your phone; you can do this by having a particular “token” stored on your computer. Authentication always involves (at least) two parties talking to each other. One party (the client) is under your control; the other (the server) is under someone else’s control.
1Password, however, involves the 1Password application (under your control) talking to your 1Password data (under your control) on your local disk (again, under your control). This is not an authentication process. So 1Password doesn’t even do one-step authentication. It does no authentication at all. 1Password doesn’t gain its security through an authentication process. Instead the security is through encryption. Your data on your disk is encrypted. To decrypt it you need your 1Password master password.
There are great advantages to this design: Your data and your decryption of it doesn’t require our participation in any way once you have 1Password. Your data is yours. Even if AgileBits were to get abducted by aliens tomorrow, you would still have access to your data since we never store it on our servers.
However, one disadvantage of this design is that the kinds of techniques used for multi-step authentication are entirely inapplicable to 1Password. Those techniques are designed to add requirements to an authentication process, but unlocking your 1Password data is not an authentication process at all. Because there is no 1Password "server", there are no (additional) steps we can insist on as part of a (non-existent) login process.
1Password is decrypting data stored locally on your system, it is not authenticating against some service. So in truth, we don't even have 1 factor authentication, as there is no authentication in the first place. So typical approaches to MFA won’t work.
However that doesn't mean that it is impossible for us to do something that looks like MFA. There are roughly two approaches (each simpler than PKI). One of them is key splitting. That is the result of processing your Master Password doesn't actually get you a working key to decrypt further, instead that result would need to be XORed with another 128-bit key. So it is simply a case of storing that other "half" of the key on some other device. 1Password would need to be able to read that device, which may be tricky on iOS, but it isn't insoluble.
The other approach would be to move the keyfile. 1Password (on the desktop) has a file called encryptionKey.js. That file contains an encrypted key, which is what gets decrypted by the key derived from your master password. That file (and some backups of it) are part of your 1Password.agilekeychian (which is actually a folder bundle, which looks like a single file on the Mac). It would be possible for us to allow that file (and its backups) to reside on some device or location. Both that file and the Master Password are required to get any further.
We are more inclined to do key splitting rather than having a movable keyfile.
The real technical difficulty is getting this to work on every platform. Again, because this is all about data decryption and not authentication, we can't just implement this on one platform (if it were to be anything other than just for show). So while this isn't insurmountable it means that even the "simple" approaches that I described would be tricky.
But the real reasons that we haven't put in substantial effort in that direction is because for every case where someone reports that their computer or device has been stolen, we get probably a hundred more of "I forgot my Master Password" or "I damaged my data and didn't have usable backups". My fear is that key splitting or keyfile moving wouldn't just double the rate of people getting locked out, but would increase it much more. The threat of data lose becomes very substantial.
Again, because we aren't running a system that people authenticate against, there is nothing we can do the help people recover their data if they damage a key or forget their Master Passwords.
Now of course we could make it an advanced option with lots of warnings, but we know that people will always dial up security settings to 11 whether it is in their interest or not. Remember that 1Password is a mass market product. It's great that security geeks use and respect it, but we don't want to give our users rope to hang themselves with.
I'm just spelling out why, to date, we have resisted calls for MFA. It's harder to get right for a decryption system than for an authentication system, and we think that it might do more harm than good.
None of this is written in stone. The threat landscape, patterns of usage, and device capabilities change. So while there are no immediate plans add this, we are leaving the door open in the design of our new data format.
It is good that you are thinking about these things. Please let me know if you have any additional questions or concerns. We are always here to help.
Thanks for your (very detailed) reply! (and for splitting out my response -- you were very right to do so!)
Yes, I am worried about the auth (or decryption) process, but the fact that there is no server in the process, doesn't necessarily mean that we cannot add a 2nd layer of auth.
As I mentioned in my post, if malware gets a hold of my password and the data file then I am, well, screwed! I guess we all are at that point. If we could deploy 2FA/MFA to add another layer of protection in the auth process I would sleep more comfortably. My idea is this:
As a 1Password user on Mac and PC and iPad and iPhone I always have more than 1 device with me (and in particular always have a mobile device with me). If we could leverage the network sync function (or bluetooth) to add a second layer auth to unlock the file that would be very cool!! In otherwords, you open 1Pass on the PC, unlock it, but before we can go any further, the app requires the presence of a mobile 1Pass. At that point, I pick up my iPhone and unlock 1Pass there (maybe with a pin and not the full master password). Because the devices are on the same network (or bluetooth), the "auth" is complete and the PC 1Pass unlocks fully. This way, if the data file is stolen (and master password), it would still be impossible to unlock without the mobile device.
Usability-wise? Yes -- this isn't very usable, but security is never about usability. If there is enough requests coming in for stronger auth, and if most people also have the moblie device, I would ask that you consider this as a future feature (that a user could then turn on or off).
Thanks again for your time, Khad!
Like Daniel, I'm worried about the possibility that someone might obtain my 1PW password and data file through malware. I admit that the likelihood is probably very low, but the downside were it to happen would be huge given the depth and breadth of information I have stored in 1PW. Risk mitigation is the primary reason I decided last year to stop using Dropbox with 1PW. Although storing everything locally on my devices is considerably less convenient, doing so provides me more peace of mind. (Despite the many posts about the safety of using Dropbox, it just makes me feel better not to use it for this purpose.)
I respectfully disagree with Daniel that security is never about usability. I fear that if security becomes too onerous, some people will find less secure workarounds. One example from my workplace, where we are concerned with HIPAA and similar regulations, concerns the way we've enforced use of "complex" passwords with non-alphabetic characters for authentication to some systems. Unfortunately, they are so difficult to remember that some users commit them to paper, which somewhat negates the advantage of having a password. I've made the argument that long passphrases that are easier to recall would be preferable, but with little success.
However, I do agree that choice is good. For their own data, people should be able to choose a level of security that they are comfortable with, trading off robustness for usability as they wish. Two-factor authentication using an iOS device might be a good option if it could be made to work reliably with 1PW on the desktop, though it would beg the question as to how to securely access 1PW on the iOS device itself.
Another option would be to employ biometrics as a second factor. Almost all the devices on which I use 1PW have a camera, which could enable the use of facial recognition.
Of course, I realize that incorporating measures such as these might not make sense for a mass market product like 1PW, though I would willingly pay for additional security options. In any case, I think that it's important to think about these issues. It's also worth noting that iCloud Keychain in OS X Mavericks will be viewed by some as a free replacement for 1PW. Although I don't agree - I would be very reluctant to store all the data that I currently keep in 1PW on Apple's servers - the more that AgileBits can do to differentiate 1PW from Apple's offering (such as providing additional ways to unlock 1PW), the better.
As @Khad has pointed out we don't really have even one factor authentication (there is no authentication, only encryption) then typical 2FA approaches simply wouldn't work.
There is, however, an analogue to 2FA for encryption. That would be "key splitting".
1Password derives a key from your Master Password through PBKDF2. This process ends (depending on version etc) with a 512 bit number that is used as a derived pair of keys (one for encryption, another for MAC checking). Let's call this number the "Master Password Derived Key"
What we could do is have another 512 bit number that is stored (securely?) on some portable device. (Let's call this the "Externally Stored Key").
We could make the actual keys that 1Password uses to encrypt stuff be the result of an XOR operation of the MPDK and the ESK. If you (or an attacker) only has one or the other, there is absolutely nothing they can do with it. Both are needed to decrypt.
Now remember, for this to provide real security your data needs to be encrypted with MPDK xor ESK. As a consequence you need to be able to get the ESK "into" 1Password on every platform you use it on. You can't have split keys on on platform without having it on all.
There are dongles and systems that will store such a key that will work on the desktops. There are dongles that will work on iOS. There are dongles that will work on Android. There is no single system that will work on all platforms. And very few of the ones that only work on a some platforms have the security properties that we would like.
I should say that this is something that we are continually reviewing. We are on the lookout for some mechanism that will work for 1Password on all platforms and provide the security, and particularly, the reliability that would be necessary for this. Also note that most existing systems are designed for authentication, and not to provide a static encryption key; although many can be coerced into doing what we want.
But don't expect anything soon. We are going to insist on extreme reliability before would would ever enable the use of such a system on real 1Password data. The potential for data loss is just far too great.
I know that this isn't the answer you were hoping for, but I hope that this also gives you insight into our thinking on this.
Chief Defender Against the Dark Arts @ AgileBitshttp://agilebits.com