Yubikey in windows client?
I just got a Yubikey Nano and successfully connected it to my 1Password Family account in the browser.. However, it seems to have no effect/benefit on the Application. I still login to the application with my password or my Windows Hello PIN, and I don't see any way to enable the Yubikey support. It shows up and asks me for it on my iPhone (so I guess I need one of the NFC enabled keys), but nothing on the Windows app.
How do I enable this?
1Password Version: 7.8.820
Extension Version: Not Provided
OS Version: Win 10
Comments
-
Hi @Yeraze, thanks for letting us know about this. I understand that the security key feature hasn't quite worked for you yet. Let's fix that!
To start, here's our quick guide to setting up security keys with your 1Password account, in case you hadn't seen it already: https://support.1password.com/security-key/
Does that process work for you? If not, can you tell us at what step in the process things go awry? With that established, we should be able to chase down the problem for you and set things to rights.
0 -
That process seems to work just fine.. Like I mentioned above, I'm able to use my Yubikey to auth to the 1Password.com website.. However, it seems to have no impact on the 1Password app on my Windows laptop. That app still only authenticates with my password, doesn't seem to use the Yubikey at all.
0 -
@Yeraze The 1Password app only asks for two factor authentication once per device. If you have already authorized the 1Password app on that device then it will not ask again unless you remove it from your list of authorized devices as 1password.com. However, as far as I know, the Windows app doesn't yet support YubiKeys, so you will need to enter an authenticator code.
0 -
@rootzero if that's true, then I guess I misunderstand the point of the Yubikey/2fa. I had thought it was an extra security layer in case I had to log into a potentially sketchy machine (Random PC at work, hotel business office, etc) where my Password might be sniffed, but the 2FA would protect me due to the rotating nature. If it never asks for it again, then what's the value?
0 -
@Yeraze 2FA is to protect your data on the 1Password server. The YubiKey/2FA prevents an attacker who has your master password and secret key from also getting a copy of your password database.
Only login to 1Password on devices you trust. Keyloggers are not the only threat. Someone with access to a device you're using could take a copy of your password database, master password and secret key. Even if 2FA was added to the 1Password client app, they could get around it by decrypting your database using their own decryption software.0