Yubikey & Mac App

tokyotony
tokyotony
Community Member

I can set up my Yubikey for 2FA in 1P via my browser. However, when I try to log into my Mac App and it asks for the key, it does not work BUT that same key works with my iPhone. I tried on another Mac and same issue. Am I missing something?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Hello @tokyotony! 👋

    I'm sorry that you're running into issues using your YubiKey to add your account to 1Password. So that I can better understand the situation can you please tell me the following:

    1. Are you able to use the YubiKey with other websites and apps on your Mac (not your iPhone)?
    2. Did you register the YubiKey with 1Password using the Firefox browser? Or a different browser?

    I look forward to hearing from you.

    -Dave

  • tokyotony
    tokyotony
    Community Member

    Hi. Thanks for reaching out. My answers:

    1. No problem using YK on other sites.

    2. Yes, I used Firefox. I just switched to FF a few weeks ago when Brave was getting sluggish.

  • @tokyotony

    Thanks for the reply. Our developers are currently investigating an issue where YubiKeys enrolled using Firefox may not work with 1Password for Mac. As a troubleshooting test, would you be able to remove the YubiKey from your 1Password account and then register it using a different browser like Chrome, Brave, or Safari? Once you've done that, try to authenticate your 1Password account in the desktop app again.

    You can find our guide here: Use your security key as a second factor for your 1Password account

    -Dave

    ref: dev/core/core#27958

  • tokyotony
    tokyotony
    Community Member

    I will try tonight when I get home.

  • Thank you, I'll keep an eye out for your reply. 🙂

    -Dave

  • tokyotony
    tokyotony
    Community Member

    Hi Dave,

    I tried both on Brave and Chrome to set up a Yubikey. I tried Brave first but didn't seem to get a way to set up at all. It just churned when I put the Yubikey in and pushed the side buttons.

    I then tried Chrome. That seemed to work better, but it bring up this odd dialog box asking me if I want to set up a passkey.

    At first, I clicked Save and nothing happened. Again, I clicked Save and nothing happened. I then when ahead and click the X to close the box. The 1password website showed a Yubikey had been set up. Weird. I tried it, but nothing. I thought therefore maybe a 1Password passkey was then set up on my Mac. I tried login in with it, but not go.

    So, I tried again on Chrome, and the same dialog box comes up and now shows 2 passkeys saves (weird) and I decided to click the Yubikey icon at the top right. The allowed me to finally set up the Yubikey. I tried using it to log into my account, and everything is fine.

    I'm really confused by the dialog box that pops up.

  • tokyotony
    tokyotony
    Community Member

    Also, now I have 2 entries for 1Password and both just have Passkeys. Odd.

  • tokyotony
    tokyotony
    Community Member
    edited February 21

    So, to sum up. Setting up the Yubikey on Chrome and Brave works. For good measure, I tried Firefox again, and the key I created using Firefox would not let me log back in to the app.

    Second.... the pop up shown above is a bit confusing. Save doesn't seem to do anything but create a new entry in 1P. Instead, if I click the Yubikey icon, I get the opportunity to then enroll a Yubikey. Seems I can also create a Passkey which I have done so on my iPhone after scanning in the QR code. The below is the link to which I followed to set up my Yubikey but no mention of this popup or ability to create a Passkey as 2FA for 1P.

    https://support.1password.com/security-key/

  • @tokyotony

    Thanks for the reply. It sounds like you were able to setup the YubiKey using Chrome and Brave, let me know if I misunderstood that. There is a known issue where YubiKeys setup using Firefox aren't working with the 1Password for Mac desktop app and our developers are investigating. I'm sorry for the inconvenience.

    Second.... the pop up shown above is a bit confusing.

    I'm sorry for the confusion. Both hardware security keys and passkeys use similar webauthn technology. When a website sends a request to save either a security key or passkey 1Password is unable to tell which type the website is trying to save and will show the passkey prompt:

    image

    Clicking on the security key icon, as you did, tells 1Password that you're trying to setup a hardware security key and not a passkey. Once you click the security key icon, 1Password will let the request pass through to the browser so that you can setup your security key. You can read more here: Save and sign in with passkeys in your browser

    Let me know if you have any other questions. 🙂

    -Dave

    ref: dev/core/core#27958

  • tokyotony
    tokyotony
    Community Member

    Hi Dave - Perfect. Just a suggestion that perhaps the instructions should be modified to include this. Clicking that key icon not only allows you to add a security key but it also allows you to add a passkey. Thanks!

  • Dave_1P
    edited February 21

    @tokyotony

    Clicking that key icon not only allows you to add a security key but it also allows you to add a passkey.

    Thanks for the reply. Clicking the key icon dismisses 1Password and passes the request along to the browser which handles the the setup of the security key. Since certain browsers include the ability to save passkeys in their built-in managers they may give you the option to save a passkey instead of setting up your YubiKey.

    Hopefully the flow can be made more intuitive in the future.

    -Dave

  • tokyotony
    tokyotony
    Community Member

    So, for good measure, I did save a Passkey on my Phone (scanned the QR code and saved it in iCloud Keychain). Is that also valid 2FA for 1P?

  • @tokyotony

    Thanks for the question. I don't recommend using a passkey as a security key when turning on two-factor authentication for your 1Password account since that use case isn't supported at the moment and you may run into issues.

    When enabling two-factor authentication for your 1Password account only add hardware security keys or an authenticator app that supports one-time passwords: Turn on two-factor authentication for your 1Password account

    If you've saved a passkey as a security key then I suggest that you remove it as a second factor from your 1Password account and then delete it from Keychain.

    -Dave

    ref: dev/b5/b5#19787

  • tokyotony
    tokyotony
    Community Member

    Perfect. Kind of what I thought. I will remove it. Just an FYI...here's what iOS is showing. I will delete that as well.

  • Sounds good. Let me know if you have any other questions that I can help with. 🙂

    -Dave

This discussion has been closed.