Use of a security key also requires a PIN?
Comments
-
Looks like v846 is doing discouraged properly, I just tested re-registering again and all good (after wiping the FIDO2 application again due to 14.5.1. of the webauthn spec). Thanks for getting it sorted out!
0 -
Just wanted to chime in and say that I, coincidentally, set up one YubiKey on my Mac, from scratch, to use for 1Password, and another on Windows. Only Windows asked for a PIN when setting it up.
I haven't been asked about this PIN ever since, but I haven't been using my Windows machine much either. I think it's a good idea to set it to "discourage" because a forced PIN code doesn't make sense on a security key IMO. The danger of forgetting this very important PIN is much greater than the potential benefit it brings – that is, unless the user specifically asks for it.
If anyone knows when and how I will ever need this PIN again, I'd love to know. Up until now I'm memorizing it once a day and by now it's fairly well memorized for me. But seeing that it's a PIN I never use, I'm a bit worried that I could forget if I stop memorizing.
0 -
Hey @gandalf_saxe
I totally understand the concern with having 'yet another PIN' to remember. I'd recommend considering storing said PIN in 1Password for safe keeping. Going forward, newly enrolled keys should not cause a prompt to create a PIN. I'm also not aware of any circumstances where you'd be asked for said PIN, in association with 1Password. As for if the PIN would ever be needed in any other context... that may be a question that the key vendor / YubiKey could address. They may also be able to comment on if it is possible to remove the PIN altogether. :+1:
Ben
0 -
Yes. I guess I'll just download Yubico's tool and see if I can remove the PIN with that, and otherwise remove the YubiKey from 1Password and add it again.
0 -
Sounds like a good plan, @gandalf_saxe. Please let us know how it goes. :)
Ben
0