Require Yubikey when Signing into Chrome Extension?

asparks91110
asparks91110
Community Member

I have Yubikey auth enabled for my account, and when I need to log in to my main account through the 1Password website, it prompts for my key. When signing into the extension however, it does not prompt for it. Is there a way to require the extension to ask for the key?

I've seen older questions about this, but they were from early this year and seemed to suggest this feature in the future.

Thanks


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Ben
    Ben
    edited September 2020

    Hi @asparks91110

    Welcome to the 1Password Support Forum. :) It isn't possible to configure 1Password to prompt for a Yubikey beyond the initial device authorization process (with the web app being somewhat of an exception*). 2FA serves a different role with 1Password than it does with traditional authentication based services, because 1Password's security is encryption based.

    Authentication and encryption in the 1Password security model

    The function of 2FA with 1Password membership accounts is to help protect the device authorization process. Once a device is authorized 2FA is no longer required, unless the device is subsequently deauthorized through the web app, or the browser/app's locally cached copy of the secret is cleared. Essentially 2FA helps prevent a replay attack from authorizing a device. It is not designed to help in the case that someone has access to one of your authorized devices. As such 2FA does not prevent you from accessing locally cached data (e.g. while your device is offline). (*) The web app doesn't utilize such a local cache, and so it is a different situation, however this also means that offline access is not possible with the web app.

    The information in this thread may help as well:

    Two-factor apps — 1Password Forum

    Ben

This discussion has been closed.