[Feature Request] Yubikey support to prevent access to app from key logging and system takeover

evertb
Community Member

I request that greater integration support be implemented for Yubikeys to prevent access to the Windows desktop 1Password app from key logging and system takeover. I am thinking about this from the perspective of my digital world being compromised through trusted devices: at that time, what is going to protect my 1Password Windows application and web account, as all the keys to everything are in there? Additionally, I want that protection when I am away from my computer while it is still running. The only thing I can think of is a physical key like Yubikey, so I request a solution to these two problems by providing greater support for Yubikeys:

1) It is great to be able to use an easy shortcut to access the Windows app in trusted environments upon timeout by allowing the use of Windows Hello; however, the problem is that Windows Hello allows a PIN solely, and I can't change that to demand a combination of both PIN/biometrics + Yubikey upon touch to provide that security of requiring a physical key with physical touch plus something I know/am to prevent compromises. I understand this could also be solved by Microsoft/Yubikey (already requested), but I believe 1Password has a current elegant option available, as the computer already needed an authenticated user logged in to enable access to the app. I request that the Auto-lock / unlock and easy unlock feature be linkable, in combination as an additional step or solely, to my Yubikeys as a separate option to Windows Hello, depending upon the user's changing physical situation. This would demand a physical touch to reopen the app upon timeout.

2) Equally, if my digital world's trusted devices are compromised, then all my app-based soft 2FA codes are also compromised for all my accounts, as those trusted devices hold the doorways and keys to everything in a trusted format, allowing the reset of all prior security measures. I see the only solution to this is for 1Password to have an elevated security profile in which only Yubikeys are permitted as the 2FA as the secret key and those keys be demanded for all account changes or access beyond a verified trusted device, username and password would be available in the Windows App itself thereby providing no security. Yes, I could have a secondary phone locked in a safe with the soft 2FA, but why demand that extra attack vector when I have a family account to reset my account if I lose all my Yubikeys?

I love the 1Password app and we are so close to having available the best combinations of both software secured by something I know plus biometrics plus hardware.


Comments

  • ag_ana
    1Password Alumni

    Hi @evertb!

    Thank you for taking the time to share this feedback with us! I have passed it to the developers for future consideration ;)

    ref: dev/projects/customer-feature-requests#602

This discussion has been closed.