Yubikey not working with 1Password

1.) Getting the YubiKey setup with 1Password is confusing, even for a tech-head like myself. In my situation this is YubiKey 5C NFC.

2) The YubiKey does not work with 1Password. I can enable 2FA on my 1Password account using the YubiKey 5C NFC and I can use it to unlock my account when using 1Password on a computer. However, I cannot unlock 1Password on my phone using the YubiKey because 1Password has not written the necessary code to allow 1Password to use the YubiKey 5's NFC feature.

3) Yubico advertise that the YubiKey 5 series works seamlessly with password managers such as 1Password, but this could not be further from the truth. Enabling 2FA on my 1Password account using a YubiKey requires that I also use the Yubico Authenticator app. Rather than simply inserting my YubiKey into the computer and logging in, I am required to first insert the YubiKey, then open the Yubico Authenticator app, find the login I need a code for, copy that code to my clipboard, navigate over to 1Password, paste the code, and only then can I finally unlock the application. This is not a seamless process.

In order to improve the 2FA authentication process, 1Password needs to dramatically improve the quality of their setup documentation and support website. Yubico also needs to provide a much more honest description of the process involved in using the YubiKey 5 series for password managers such as 1Password.

Comments

  • jack.plattenjack.platten

    Team Member

    Hey @Canadian:

    Great question and I'd be happy to get you sorted out with 1Password and a Yubikey! Just to confirm, did you add your Yubikey as a security key, or an authenticator app? As not all of our clients support using security keys just yet, adding an authenticator app is required before being able to add any security keys. Given that you mentioned having to open the Yubico Authenticator app, it sounds like it might be set up as the authenticator app.

    If you'd like to use your Yubikey as a security key for your 1Password account, first download an authenticator app (like Authy or Microsoft Authenticator), then follow these steps:

    1. Sign in to your account on 1Password.com.
    2. Click your name in the top right and choose My Profile.
    3. Click More Actions > Manage Two-Factor Authentication.
    4. Click Replace in the Authenticator App row, then click Set Up New Authenticator App. You’ll see a square barcode (QR code). (To save a backup of your two-factor authentication code, write down the 16-character secret next to the QR code and store it somewhere safe, like with your passport and Emergency Kit.)
    5. On your mobile device, open your authenticator app and use it to scan the QR code. After you scan the QR code, you’ll see a six-digit authentication code.
    6. On 1Password.com, click Next. Enter the six-digit authentication code, then click Confirm.

    After setting up your authenticator app, you should be able to add your Yubikey as a security key by following these steps:

    1. Sign in to your account on 1Password.com on your computer.
    2. Click your name in the top right and choose My Profile.
    3. Click More Actions > Manage Two-Factor Authentication.
    4. Click Add a Security Key.
    5. Enter a name for your security key and click Next.
    6. Insert your security key into the USB port on your computer. (If Windows Security asks you to create a PIN, enter one and click OK. Your PIN is stored locally on your security key.)
    7. Touch the sensor on your security key.
    8. When you see “Your security key was successfully registered”, click Done.

    After registering your Yubikey, you should be able to use it to authorize new devices. Additionally, I'd just like to point out something else; Your two-factor authentication for your 1Password account is used only when adding your 1Password account to a new device, and is not used after that.

    Let me know how you get on with that!

    Jack

  • CanadianCanadian
    edited January 14

    Hey @jack.platten and @Ben ,

    My point is that the YubiKey doesn't work with 1Password to authenticate right in the browser with physical key on Android when you inserting the key. It says "Setup another second factor" but you can't do anything right in this point.

    It's OK when using authentication apps but not working with this physical key authentication method in the browser. For example I have no problem for this both methods when using Bitwarden as you see in this pictures here




    I think 1Password needs to fix this issue for authentication in browser with the physical key for Android devices.

    I am using the latest version of 1Password for Android downloaded from Google Play Store and my phone is S21 Ultra 5G with version Android 12.

    Thanks

  • Hey @Ben ,

    My point is that the YubiKey doesn't work with 1Password to authenticate right in the browser with physical key on Android when you inserting the key. It says "Setup another second factor" but you can't do anything right in this point.

    It's OK when using authentication apps but not working with this physical key authentication method in the browser. For example I have no problem for this both methods when using Bitwarden as you see in this pictures here




    I think 1Password needs to fix this issue for authentication in browser with the physical key for Android devices.

    I am using the latest version of 1Password for Android downloaded from Google Play Store and my phone is S21 Ultra 5G with version Android 12.

    Thanks

  • SystemSystem

    Team Member
    This discussion was created from comments split from: Yubikey/U2F protecrion.
  • jack.plattenjack.platten

    Team Member

    Hey @Canadian:

    Thanks for your screenshots. I've done some further testing and it looks like this is Samsung Internet, which does not support FIDO2/WebAuthn which is what 1Password accounts use for security keys. Bitwarden is using Yubico OTP, which is not FIDO2/WebAuthn, but instead "typing" in the one-time password into the text field. To add your Yubikey as a security key for your 1Password account, using an alternate browser on your device (like Google Chrome) or using a browser on a desktop or laptop device would be your best bet.

    Jack

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file