Yubikey behavior

jettSound
Community Member

I am a happy 1Password customer (for many years) and upgraded to the family plan (from standalone version 6) to enable 2FA with an Authenticator app and a Yubikey and would like to confirm it is working properly.

I am using OS X 10.11.6 and a Chrome browser. I enabled 2FA as per 1Password's guidance - using an authentication app first then registered the Yubikey.

When I logged out on the browser and then went to log back in, the system did not ask for a 2FA code or the Yubikey. Is this the intended behavior? i.e. Either the Authenticator app or Yubikey is used only once unless I force a 2FA sign on OR deauthorize the device? Thus, no need to carry the Yubikey with me to log back in on a previously enabled device? Can I assume this is the same for iOS devices as well?

Is there a way to require the presence of the Yubikey for every login similar to the RSA SecurID dongles? Perhaps I've misunderstood the role Yubikey plays in 2FA and wondered if this "use once" type of implementation limits the effectiveness of 2FA?

I sincerely appreciate your help!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: OS X 10.11.6
Sync Type: Not Provided

Comments

  • Ben

    Hi @jettSound

    Thanks for taking the time to write in with these questions. :)

    > Either the Authenticator app or Yubikey is used only once unless I force a 2FA sign on OR deauthorize the device? Thus, no need to carry the Yubikey with me to log back in on a previously enabled device? Can I assume this is the same for iOS devices as well?

    Correct.

    > Is there a way to require the presence of the Yubikey for every login similar to the RSA SecurID dongles?

    There is not.

    > Perhaps I've misunderstood the role Yubikey plays in 2FA and wondered if this "use once" type of implementation limits the effectiveness of 2FA?

    Our Chief Defender Against the Dark Arts, Jeff Goldberg, has commented on the purpose of 2FA in 1Password here:

    https://discussions.agilebits.com/discussion/comment/538116/#Comment_538116

    Does that help clarify the situation?

    Ben

  • jettSound
    Community Member

    Hi Ben,

    Thank you very much! Yes indeed, perfect!

    Best,

    jett

  • Ben

    Glad that helped. :) If there is anything else we can do, please don't hesitate to contact us.

    Ben

This discussion has been closed.