Hardware keys

Hi

I am looking to use only hardware keys with 1Password for 2FA. I see 1Password forces you to create an Authenticator before you add keys ( to me that defeats the whole purpose)

But problem is not that . After I added my both Yubikey 5c to portal . My desktop app and the phone both asked for account verification which is good but my windows desktop app only asked for 6 digit code from Authenticator without giving me any option to use hardware key ( I don’t want to enter code , I just want to use my hardware key )

With my IPhone , it gave me option to authenticate using nfc hardware key but it always fails to authenticate with it and gives me invalid credentials.

FYI: my keys are working fine with other applications I use with windows and iPhone

So what’s up with 1Password ?

I am using latest version of app on both devices

On a side I have another question. I know 1Password team can remove 2FA from an account with request if you are locked out but I want to understand how they verify account holder. I hope it’s not easy enough which can be bypassed using social engineering hacks or using some fake id

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @mmoud!

    My desktop app and the phone both asked for account verification which is good but my windows desktop app only asked for 6 digit code from Authenticator without giving me any option to use hardware key ( I don’t want to enter code , I just want to use my hardware key )

    Not every 1Password client currently supports hardware keys, which is the reason why you are asked to enter an authenticator, so until every 1Password app supports hardware keys, you are still able to login if you have 2FA enabled :+1:

    You can currently use your hardware key:

    • on 1Password.com
    • on your iPhone or iPad (requires YubiKey 5 NFC or YubiKey 5Ci)
    • on your Android device

    On a side I have another question. I know 1Password team can remove 2FA from an account with request if you are locked out but I want to understand how they verify account holder. I hope it’s not easy enough which can be bypassed using social engineering hacks or using some fake id

    Your admin will verify your request in any way they see suitable, based on the company policy. The verification is left to them so they can implement it appropriately based on their business requirements.

  • mmoud
    mmoud
    Community Member

    Thanks

    1. Hardware key didn’t even work with IOS build . May be because I am running IOS14 . So you might want to check it’s compatibility there for final release . Also is there any timeline for enabling hardware keys for windows build

    2. There is no admin . I am only one in my account . So request will go to 1Password support directly . What’s their process ?

  • ag_ana
    ag_ana
    1Password Alumni

    @mmoud:

    Hardware key didn’t even work with IOS build

    What happens exactly when you try to use one? Do you get an error message?

    Also is there any timeline for enabling hardware keys for windows build

    Not at the moment, sorry!

    There is no admin . I am only one in my account . So request will go to 1Password support directly . What’s their process ?

    We ask several verification questions, and if they are correct, we disable 2FA for the account in question.

  • mmoud
    mmoud
    Community Member
    1. When I try , it asks me to use NFC key and when I tap it accepts it but then 1Password says invalid credentials . Tried many times and same issue .

    2. My concern is what can you ask . All you have is my credit card number and location which I use it from . Which can be both easily compromised. Can account be pre verified properly ? So in case of real request you know what to ask

  • ag_ana
    ag_ana
    1Password Alumni
    edited July 2020

    @mmoud:

    When I try , it asks me to use NFC key and when I tap it accepts it but then 1Password says invalid credentials . Tried many times and same issue .

    We will be happy to help you with this. Can you please replicate this issue and then generate a diagnostics report from your iOS device? You can then email it to us to support+forum@agilebits.com, so we can take a closer look at why this is happening to you.

    After you have sent the email, please feel free to post the ticket number you received so we can locate your message and connect it with this forum discussion.

    My concern is what can you ask . All you have is my credit card number and location which I use it from . Which can be both easily compromised. Can account be pre verified properly ? So in case of real request you know what to ask

    We have several questions we choose from that only the owner of the account would be able to know. For example invoice information and dates, subscription type, account type, and many more. We ask several of these, and we only proceed if they are correct :+1:

    I am not sure what you mean exactly by "pre verification", but I think the issue here is that if you are locked out of your account, there would be no way to verify you directly in 1Password. Which is the reason of the security questions.

This discussion has been closed.