1Password won't verify newly set up YubiKey.
I just set up a YubiKey 5C as a 2FA second factor. Now when I open 1Password I get this window. The YubiKey is connected to my Mac Studio. The YubiKey Manager app sees it and all the interfaces (including FIDO U2F and FIDO2) are enabled. I'm not sure what 1Password is asking me to do.
This 1Password support page says "Touch the sensor on your security key" but the YubiKey 5C doesn't have any sensors that I can tell. I've tried unplugging it and plugging it back in and restarting the Mac.
1Password Version: 1Password for Mac 8.10.36 (81036049)
Extension Version: N/A
OS Version: macOS 14.5
Browser: N/A
Comments
-
If this is your first time using a Yubikey, you may not know that the gold circle in the center of the key is a mini capacitive touchscreen. Place your finger on the gold disk to "verify" the key when asked. It's not a fingerprint sensor (although it can be if you purchased the Yubikey Bio), but rather a hardware check for added security.
And just because I'm already typing, I'll note that 1Password uses U2F, so no PIN is required. If using your Yubikey as FIDO2, you'll need to set and use a PIN (for the key, not per service), but either way you'll always need to "touch" the gold disk to verify.
0 -
Oh, and if you're going down this route, it's strongly recommended to have 2 keys set up, in case you lose one or it breaks. Keep the second key somewhere else, like a relative's house, for added disaster resilience (ie, if your house burns down).
0 -
If you have any questions we're here to help.
If it's this model its the side gold colored tabs that stick out. https://www.yubico.com/product/yubikey-5c/?
If it's this one https://www.yubico.com/product/yubikey-5c-nfc/? then it's the center gold colored disk.
tl;dr Look for Gold as the sensor.
Thanks for the help PersisNuva
0 -
It's the 5C with the side gold colored tabs. Touching them does nothing. Maybe my key is broken out of the box.
0 -
If I open BBEdit (or have the cursor in any text box) and touch the gold tabs I get a series of 44 characters. The first twelve are the same every time and the other thirty-two look random. Is 1Password looking for these characters?
0 -
Nope, I don't think it is broken. That sounds about right. The characters are a unique identifier. Let's get you over to my technical colleagues in email support. Please email us using
support+forum@1password.com. Be sure to use the email address tied to the account in question.You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here. Thanks very much!
--
That said, can you clarify what action you are taking. Are you trying to setup 2FA for the first time? If so please ensure that when the slide out from the side of the browser happens that you look near the top you'll see a small icon that resembles a Security key. Tap/select it and continue on. I've seen many folks accidentally create a passkey instead which will not work for 2FA.
0 -
The first twelve are the same every time and the other thirty-two look random. Is 1Password looking for these characters?
Yes.
0 -
That said, can you clarify what action you are taking. Are you trying to setup 2FA for the first time? If so please ensure that when the slide out from the side of the browser happens that you look near the top you'll see a small icon that resembles a Security key. Tap/select it and continue on. I've seen many folks accidentally create a passkey instead which will not work for 2FA.
That was the trick. I assumed clicking Save was the right thing to do. It wasn't obvious that I should click the tiny icon. I disabled 2FA and started over. This time I clicked the security key icon and now things are working. I'll have to review Yubico's video on setting up with 1Password. I'm guessing that's in there but I don't remember seeing it. Overall, I think Yubico needs to improve their Getting Started documentation. I've been a programmer for 40 years so I'm not technically illiterate, but this process has been really opaque. Or maybe I'm just too old for new things.
0 -
I'm hoping we can work on making the steps clearer to everyone. I'm sorry you had a rough time with it. Thank you for letting me know things took a better turn.
1
