Good afternoon everyone,
I've done some research on YubiKey, the security key that can be used for authentication and is also supported by 1Password.
Currently, I don't have a YubiKey, but I'm thinking about getting one. I would like to achieve the highest possible security.
To enable two-factor authentication in 1Password - there must be at least one app set up that generates the one-time codes. Now I wonder if it makes any sense to use an ordinary authentication app like Authy because if someone gains access to the smartphone - they will also have the second factor. You use the YubiKey to enforce that it is required to log in. (in addition to the secret key, master password, region and email address).
What is the most secure way to implement this? Should I use the Yubico Authenticator to use it as an authentication app? If I understand the concept correctly - you have to connect the YubiKey to the device to unlock the authentication app.
Then you can write down the secret for the authentication app in a safe place.
I also have a question regarding the YubiKey. Maybe someone can answer me this question here: If you want to log in on multiple devices at the same time - you need multiple YubiKeys. My question now is - how can this be implemented when some services that support the usage of a security key only support one at a time? For example, if you can add only one security key on Dropbox as a second factor. With 1Password, several security keys as a second factor are supported at the same time - to my knowledge.
I would appreciate hearing your thoughts on this.
Thanks for reading
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: 1Password.com