What in case of Yubikey loss?

vapre
vapre
Community Member

I am inspired by a question on reddit that I would like to get an answer on. Does 1P8 provide for the setup of a second Yubikey in addition to the first one? I am wondering what happens in case I lose the registered Yubikey or it gets stolen. How to deal with this?


1Password Version: 8.9.4
Extension Version: Not Provided
OS Version: 12.6
Browser:_ Chrome

Comments

  • Hello @vapre! 👋

    That's a great question! You can absolutely add a second Security Key to your 1Password account so that you can still authenticate even if you lose the first Security Key. Follow these steps: Use your security key as a second factor for your 1Password account

    If you only have one Security Key added to your account and you lose it then you can still authenticate by using a one-time password from your authenticator app.

    Let me know if you have any questions. 🙂

  • vapre
    vapre
    Community Member

    Thank you for your response @Dave_1P . Great for the option of a second key. Makes one sleep more soundly. On your last second comment, however, the question arises though: why use one or even two Yubikeys if a possible attacker simply needs the OTP as 2FA to get in? I thought the Yubikey was "in addition," but maybe I am missing something. Thanks again!

  • @vapre

    At the moment, it's not possible to remove your authenticator app as a second factor for a 1Password account. Historically the reason for this was because not all of our client apps supported Security Keys as a second factor so it was still necessary to enter a six-digit code from a user's authenticator app in order to add a 1Password account to those client apps.

    However we've now added the ability to use Security Keys are a second factor to all of our client apps and that sets the foundation for us to be able to offer users the choice to only use a Security Key as their second factor. I don't have any public-facing information on when and if this work will be completed but I can confirm that it's something that our developers are looking into.

    For the moment, if you'd like to avoid using an authenticator app you can print the TOTP secret to keep with your Emergency Kit (as a backup) then delete the Authenticator app from your phone once everything is configured.

    -Dave

  • vapre
    vapre
    Community Member

    Thank you for the very precise and committed response. Good luck with future developments – I will wait with excitement.

  • @vapre

    I'm happy to help. 😊

This discussion has been closed.