I assist Managed clients with basic Opsec as part of our Managed Security Service.
I've run into multiple use cases where there is a legit requirement to make use of Yubikey 2FA FOR EACH SIGN IN. Even if that sign in is on the same day on the same endpoint on the same OS user account. (Or, if a single factor is the only option to use the hardware key vs access that is granted through user entering a password through a keyboard). This is mostly industrial environments where there is shared access to the same desktop and physical security is weakened due to easy access to these endpoints.
This support article mentions extension settings that could be a good start, https://support.1password.com/auto-lock/#manage-auto-lock-in-the-1password-app but the mentioned options are not present for 1PW extension v 2.3.7 ... ?
Also, this would be applicable for both the Binary and Browser Extension sign in. I assume the default synch between extension and binary would take care of this. But currently there is no option to force hardware based 2FA required for each sign in.
Ideally the user should have the flexibility to
1. Force Hardware 2FA requirement for each sign in.
2. Use the Hardware Key as primary factor.
1Password Version: Not Provided
Extension Version: 2.3.7
OS Version: Mac OS + W10
Browser:_ Chromium brased