[feature request] passwordless sign-in to 1password

Hi,
Are there any plans towards enabling passwordless sign-in (first launch) for 1password at all? such as using an authenticator prompt, authenticator match the numbers (like AAD passwordless), OTP code, key/fido device, Hello, etc? for consumer as well as AAD orgs.

I'm moving towards passwordless auth for on-premises AD, been using it for AAD and Live for a while, this would also help adoption among my wider family members.


1Password Version: 7.6.778
Extension Version: 1.20.0
OS Version: Windows 10 Insider
Sync Type: Not Provided

Comments

  • We may one day update 1Password to work with Windows Hello on unlock, but unless something changes dramatically I don't see us introducing any sort of SSO-type support, @Trundlore. I am not totally familiar with all of the passwordless implementations offered by tools like AAD and I'm sure their implementations will evolve and things might change, but for the moment my understanding is that these still require vaulting the password somewhere which would mean sharing the keys to unlock your data with a third party. We're not going to do that. We feel only you knowing your credentials is fundamental to protecting your 1Password data.

    Another wrinkle is that 1Password is an encryption-based system. I'm not enough of an expert to say these passwordless solutions can't handle encryption keys, but they are designed for authentication. The thing that tends to make them tough to support with encryption is that they rely on trust – if AAD says you are who you say you are, the app you're signing into will give you access without anyone actually sharing the password for the app/site. We fundamentally can't do that. Even 1Password is unable to unlock your data without your Master Password. It can't generate a proper decryption key without it so it can't give you access even if it very much wants to.

    This is an evolving area of IT and interesting for sure. Our research has shown it's not a good fit for us now, but the landscape is changing every day. It'll be fun to see what comes next and if we do reach a point where 0Password might be an option. :chuffed:

This discussion has been closed.