Login with OP CLI tool always requires 2FA code, should use YubiKey/TouchID instead


I have 2FA enabled for my 1Password account(s) and find the login process on the CLI very inconvenient. It asks "Enter your six-digit authentication code" with every login request.

Could you make it either cache some information (like the desktop clients) so that a 2FA code is not required at all after the first login?
Alternatively I would appreciate integration with e.g. libfido2 so that I can at least use an attached YubiKey to quickly confirm the login request.

It would be /even better/ if I did not have to type my master password at all, and it used the YubiKey or Touch ID after the first login. The 1Password macOS client already works that way anyway so I thought it wouldn't hurt to ask if this was also possible for the CLI :smile: .

Thanks, and I wish you all happy holidays!

1Password Version: op CLI 1.8.0
Extension Version: Not Provided
OS Version: macOS 11.1 (M1)
Sync Type: Not Provided


  • Turns out there simply was an issue with my setup. The recent version 1.8.0 prompts for a 2FA code the only once. Nice! :) My point with YubiKey/TouchID login into the CLI tool still stands though -- it would be awesome if this was a possibility.

  • ag_yaronag_yaron

    Team Member

    Hey @xver ,
    I'm glad to hear you're only being asked for the 2FA code once per account :)

    We already had multiple requests for TouchID support with the CLI, but it is quite complexed and won't be addressed in the near future. We do hope to have such support eventually though, so stay up to date and keep enjoying new features as we keep improving the CLI!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file