Hardware Passkey n of m
Hey there, guys.
Is there a way that you could have 2/3 hardware passkeys needed to decrypt an account?
This would be amazing - because it would strike the perfect balance between resilience and security.
The ability to use a hardware passkey to unlock a 1PW account is great. But it is a single factor.
You could up that by using a Yubikey Bio - to combine both biometrics and ownership as factors. But both factors are still collapsed onto a single TPM.
Ideally 2 keys at least.
But then for added resilience, N of M would be great.
Usecase E.G.:
2 of 3 officers are needed to unlock an account that stores crypto seed phrases / private keys for an exchange or any other extremely important secret.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Hello @bitkeeper! 👋
Thank you for the feedback about 1Password's passkey unlock beta! You can indeed store your passkey for 1Password on a hardware security key but it alone won't allow you to add your 1Password account to a new device, you'll need to also authorize the sign in using an existing trusted device.
Once a 1Password account is added to a device using a passkey, your 1Password account is decrypted not using your passkey but using a unique device key that is stored locally on your device. You can read more here: About the security of unlocking 1Password with a passkey
Usecase E.G.:2 of 3 officers are needed to unlock an account that stores crypto seed phrases / private keys for an exchange or any other extremely important secret.
That's definitely an interesting use case. Data in 1Password is primarily protected using encryption not authentication. Even if multiple passkeys were required by 1Password's user interface, the device key itself (already stored locally on the device) is used to decrypt your data.
That being said, I've shared your feedback and request with the team. 🙂
-Dave
ref: PB-40249541
0
