Yubikey & Mac App
I can set up my Yubikey for 2FA in 1P via my browser. However, when I try to log into my Mac App and it asks for the key, it does not work BUT that same key works with my iPhone. I tried on another Mac and same issue. Am I missing something?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Hello @tokyotony! 👋
I'm sorry that you're running into issues using your YubiKey to add your account to 1Password. So that I can better understand the situation can you please tell me the following:
- Are you able to use the YubiKey with other websites and apps on your Mac (not your iPhone)?
- Did you register the YubiKey with 1Password using the Firefox browser? Or a different browser?
I look forward to hearing from you.
-Dave
0 -
Hi. Thanks for reaching out. My answers:
No problem using YK on other sites.
Yes, I used Firefox. I just switched to FF a few weeks ago when Brave was getting sluggish.
0 -
Thanks for the reply. Our developers are currently investigating an issue where YubiKeys enrolled using Firefox may not work with 1Password for Mac. As a troubleshooting test, would you be able to remove the YubiKey from your 1Password account and then register it using a different browser like Chrome, Brave, or Safari? Once you've done that, try to authenticate your 1Password account in the desktop app again.
You can find our guide here: Use your security key as a second factor for your 1Password account
-Dave
ref: dev/core/core#27958
1 -
I will try tonight when I get home.
0 -
Thank you, I'll keep an eye out for your reply. 🙂
-Dave
0 -
Hi Dave,
I tried both on Brave and Chrome to set up a Yubikey. I tried Brave first but didn't seem to get a way to set up at all. It just churned when I put the Yubikey in and pushed the side buttons.
I then tried Chrome. That seemed to work better, but it bring up this odd dialog box asking me if I want to set up a passkey.
At first, I clicked Save and nothing happened. Again, I clicked Save and nothing happened. I then when ahead and click the X to close the box. The 1password website showed a Yubikey had been set up. Weird. I tried it, but nothing. I thought therefore maybe a 1Password passkey was then set up on my Mac. I tried login in with it, but not go.So, I tried again on Chrome, and the same dialog box comes up and now shows 2 passkeys saves (weird) and I decided to click the Yubikey icon at the top right. The allowed me to finally set up the Yubikey. I tried using it to log into my account, and everything is fine.
I'm really confused by the dialog box that pops up.
0 -
Also, now I have 2 entries for 1Password and both just have Passkeys. Odd.
0 -
So, to sum up. Setting up the Yubikey on Chrome and Brave works. For good measure, I tried Firefox again, and the key I created using Firefox would not let me log back in to the app.
Second.... the pop up shown above is a bit confusing. Save doesn't seem to do anything but create a new entry in 1P. Instead, if I click the Yubikey icon, I get the opportunity to then enroll a Yubikey. Seems I can also create a Passkey which I have done so on my iPhone after scanning in the QR code. The below is the link to which I followed to set up my Yubikey but no mention of this popup or ability to create a Passkey as 2FA for 1P.
0 -
Thanks for the reply. It sounds like you were able to setup the YubiKey using Chrome and Brave, let me know if I misunderstood that. There is a known issue where YubiKeys setup using Firefox aren't working with the 1Password for Mac desktop app and our developers are investigating. I'm sorry for the inconvenience.
Second.... the pop up shown above is a bit confusing.
I'm sorry for the confusion. Both hardware security keys and passkeys use similar webauthn technology. When a website sends a request to save either a security key or passkey 1Password is unable to tell which type the website is trying to save and will show the passkey prompt:
Clicking on the security key icon, as you did, tells 1Password that you're trying to setup a hardware security key and not a passkey. Once you click the security key icon, 1Password will let the request pass through to the browser so that you can setup your security key. You can read more here: Save and sign in with passkeys in your browser
Let me know if you have any other questions. 🙂
-Dave
ref: dev/core/core#27958
0 -
Hi Dave - Perfect. Just a suggestion that perhaps the instructions should be modified to include this. Clicking that key icon not only allows you to add a security key but it also allows you to add a passkey. Thanks!
0 -
Clicking that key icon not only allows you to add a security key but it also allows you to add a passkey.
Thanks for the reply. Clicking the key icon dismisses 1Password and passes the request along to the browser which handles the the setup of the security key. Since certain browsers include the ability to save passkeys in their built-in managers they may give you the option to save a passkey instead of setting up your YubiKey.
Hopefully the flow can be made more intuitive in the future.
-Dave
1 -
So, for good measure, I did save a Passkey on my Phone (scanned the QR code and saved it in iCloud Keychain). Is that also valid 2FA for 1P?
0 -
Thanks for the question. I don't recommend using a passkey as a security key when turning on two-factor authentication for your 1Password account since that use case isn't supported at the moment and you may run into issues.
When enabling two-factor authentication for your 1Password account only add hardware security keys or an authenticator app that supports one-time passwords: Turn on two-factor authentication for your 1Password account
If you've saved a passkey as a security key then I suggest that you remove it as a second factor from your 1Password account and then delete it from Keychain.
-Dave
ref: dev/b5/b5#19787
0 -
Perfect. Kind of what I thought. I will remove it. Just an FYI...here's what iOS is showing. I will delete that as well.
0 -
Sounds good. Let me know if you have any other questions that I can help with. 🙂
-Dave
0