1P and Yubikey
1P 8.10.48 (subscription) on macOS 13.7
new to Passkeys (for which, thank you, AgileBits).
How exactly would I use a YubiKey 5 NFC with 1P, please?
I've read several 'How to' and FAQs but still don't really understand how to use a physical (in my case USB-C) key:
- to store individual (Private?) key(s) on?
- to act as a repository for my 1P account?
- something else?
Where exactly does whatever I store on my YubiKey combine with 1P etc?
Clarification and advice greatly appreciated…
TIA!
1Password Version: 8.10.0
Extension Version: 8.10.48.25
OS Version: macOS 13.7
Browser: Safari
Comments
-
Hello @Mark Sealey! 👋
Thanks for the question! Hardware security keys, like a YubiKey, are typically used for two-factor authentication. When you turn on two-factor authentication for your 1Password account you'll need to provide a one-time password from an authenticator app, or a hardware security key, when signing into 1Password on a new device or browser. It's an additional factor that provides protection in case an attacker has managed to get their hands on both your account password and Secret Key. We've published a blog article that discusses this further:
If you'd like to use your YubiKey as a second-factor for your 1Password account then you can follow the steps in this guide: Use your security key as a second factor for your 1Password account
-Dave
1 -
Thanks, Dave; and thanks for replying so quickly!
Just to be sure, would the best (only?) way I could use a YubiKey be to register it using not the macOS desktop app, but only the 1P web interface. As described here?
That would then make my 1P installation more secure; but I would not (also) store any other keys which I have in 1P itself?
How would that affect launching 1P on macOS?
Would I need the YubiKey USB-C device inserted at all future logins to 1P?
Thanks for your patience in helping me make sure I know exactly what I'm going to be doing :-) !
0 -
You need to use 1Password.com to add a security key as a second factor for your 1Password account. When you use a security key as a second factor for your 1Password account, the security key itself doesn't store any of your passwords or other items that you have saved in 1Password. All of your items remain saved and encrypted in your 1Password account itself.
The security key is only needed the first time that you sign into your 1Password account on a new device or browser. For example, if you buy a new Mac and you install the 1Password app then you'll need the following to add your 1Password account to the 1Password app on the new Mac:
- Your email address
- Your account password
- Your Secret Key
- Your hardware security key (YubiKey)
Once you've signed into your 1Password account on a certain device or browser, you'll only need your account password to unlock 1Password on that device/browser going forward. The security key is only needed the first time that you sign in to authenticate your account on a new device or browser.
I hope that helps. 🙂
-Dave
1 -
I hope that helps. 🙂
It certainly does. As always! Very many thanks. I think I'm ready to go now.
May I ask one last question, though, please: can I store other Keys on the same YubiKey - as well as that for 1P?
0 -
You can definitely use your YubiKey for multiple services! For example I use my YubiKey as a second factor for my 1Password account, my email account, various social media accounts, and more!
You can read more on YubiKey's website: How the YubiKey Works | Yubico
If you do choose to use a YubiKey then I recommend that you buy two of them and add both to every service where you'd like to setup two-factor authentication. Then, put the second YubiKey in a safe place so that you have access to it in case the first YubiKey breaks or is lost.
-Dave
1 -
Thanks very much once more, Dave!
All clear. I know just what to do.
Your help (and work with and in the entire 1P world) very much appreciated… :-)
0 -
I'm happy to help! 🙂
-Dave
1 -
It all seems to be working now just as it should. Again - many thanks!
0 -
If you have any other questions in the future then let us know. 🙂
-Dave
1
