
Feature Request - Hardware token (yubikey) for local authentication/unlocking

dnbrice
Community Member
edited June 2023 in Memberships

I have seen several posts on this before and I feel that the developers are indifferent to the desires of the customers. Here is the scenario of why I need 2FA to unlock 1Password. I work in a secure environment where the computer I use is monitored and keystrokes may be recorded. For this alone, 1Password is insecure. An admin could recover an image of my computer and use keystroke data to recover my unlock password, and gain access to the password database. If the unlocking feature had 2FA, with a hardware token, this would secure the database to prevent this scenario.

I wish the developers and decision makers of this application would review and listen to the customers on this request. As it stands, I do not have the peace of mind that my passwords are secure in the scenario described above. What would bring a peace of mind is that the unlocking of the application was not on password alone. I have used 1Password for 2 years, but I am exploring other products that would give me this peace of mind.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • ag_josephine
    1Password Alumni

    Hi @dnbrice,

    Thank you for providing that situation as an example. I can definitely understand your concerns about using 1Password on this and any devices with the same type of procedure(s).

    While I can't make any promises, I've filed a feature request internally to bring this to the attention of our team. They regularly review feature requests from our customers to consider what should be added or changed to future versions of 1Password. Your feedback, along with feedback from our other customers, helps them immensely with their planning.

    Thank you again for your suggestion, we appreciate your feedback and love hearing from you - while our focus is on encryption, I do like the idea of this being an optional feature that could be turned on or off depending on the needs of each person!

    In regards to your current situation, the best advice I'd have would be to deauthorize this device after each use, which would then prompt you for 2FA each time you access it again, or to keep a copy of your Emergency Kit/account password and Secret Key on a USB device, which would allow you to copy the credentials and paste them in instead of typing them, negating the key logging issue.

This discussion has been closed.