Use of U2F on iPadOS
Would anyone be able to confirm if U2F works on iPadOS though the USB-C port?
I am hoping that on an iPad (such as the upcoming iPad Mini 6) it would be possible to authenticate to 1Password using U2F via USB-C.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Comments
-
-
It appears modern iPad Pros have NFC:
https://en.wikipedia.org/wiki/List_of_NFC-enabled_mobile_devices
and as such would be able to work with the NFC-enabled keys listedIf the answer weren't changing in less than a week I'd say that perhaps we should've added an asterisk to say that keys cannot connect to iOS/iPadOS devices via USB-C and are only compatible with NFC-enabled devices.
Ben
0 -
Hi @Ben, we spoke about it in another thread I opened which is now closed: Since iPadOS and iOS both support U2F is there a plan to allow users to disallow authenticator/code-based 2FA and only activate U2F for thei accounts? Thanks :)
0 -
Until every 1Password app on every operating system supports security keys, we need to keep the authenticator app option there, or you would not be able to login on certain platforms.
0 -
Hi @ag_ana thanks for your reply. I do understand that. But why not make it optional which second factor to use. For example I only now use 1Password on devices that support U2F so I do not have any need for an authenticator code anymore and would happily switch that off for a certain degree in added security for my account :)
0 -
Just an update for anyone that finds this thread in the future.
The YubiKey 5C NFC works flawlessly on an iPad via USB-C (iPad Mini 6 in this case).
There is also no NFC, USB-C is the only option to use U2F.
0 -
This is an exciting new feature in 1Password, and not to take away from AgileBits credit in any way for innovating, but it's largely a useless feature, due to no fault of AgileBits.
Most websites that support YubiKeys also require that a secondary authentication mechanism exist. Because companies dont want to deal with customer service issues when customers lose their YubiKeys and are permanently locked out of their data. So companies that support YubiKeys also have an SMS backup, Email backup, etc. And generally mandate such a secondary 2FA be set up.
Essentially this means security is only as good as the weakest link, usually SMS due to SIM swapping attacks, and the YubiKey is largely ceremonial.
One website I setup YubiKey on is Gmail and when I log in, it prompts me for it, but I click "authenticate another way" and then use Google Authenticator function, from within 1Password, to generate a 6 digit code, because it's far easier than getting the YubiKey.
If websites ever allow YubiKey to be the single source of 2FA then this will be a fantastic feature, although I never see that happening.
0 -
Hi @brank I completely agree with you. There are sites though that do offer Yubikey as the single second factor. I for example habe it set up that way on my Namecheap account, SimpleLogin, YouTube and some others. So it does exist but very little.
0
