Far-fetched Feature Request?

Bushwhack
Community Member

I was just thinking, with my implementation of really secure passwords with 1Password on Mac and iOS, I also use two-factor authentication methods as well (either text message or Google Authenticator).

Since I am coming into the app to copy a login or to log in from within the app browser with data stored in 1Password, is there any way to incorporate some form of two-factor API into the app?

Or does anyone have any good methods between using these two besides just swapping between SMS or the Google Authenticator app, or is this just me?

I figure there isn't an API for authenticator/two-factor but wasn't sure.

Comments

  • @Bushwhack This is a really cool idea. As it stands we haven't done any research into integrating any two-factor APIs, but if they become more prevalent it's certainly something we'll investigate.

  • ethansisson
    Community Member

    Good idea. I only use two-factor auth on three accounts, but that's three more than a year ago. It would be a natural fit for 1Password.

  • gregspeechley
    Community Member

    I would love this! It definitely feels like something that 1Password should take care of for me.

  • elysiumfusion
    Community Member

    I literally just had the exact same idea less than a few minutes ago... Except I posted this in the "HockeyApp.net" feedback section by accident (I'm new to the Beta program).

    I wrote this bit detailing what would happen in the event of 1Password being compromised:

    In the event of a compromised vault, the inclusion of 2-Factor Authentication keys may be a bad idea. That's why there could be 2 vaults, such that an intruder would have to compromise the vault for passwords AND the vault of the authenticator. In a sense, there would be 2 layers of security: one for the passwords and one for the 2nd factor authenticator.

  • Bushwhack
    Community Member

    I like that idea @elysiumfusion.
    I'd argue, at least for me, the chance of a compromised vault requires direct access to the device and there aren't many people who have that type of access. But it does make sense to keep them separate.

    Sadly I don't think any mainstream two-factor has API access, probably for security reasons. So we may never see this unless a new independent two-factor is launched that is either run by AgileBits or allowed to be accessed by.

  • elysiumfusion
    Community Member

    I'm pretty sure anyone can build their own Google Authenticator. Look at the Authenticator App by Matt Rubin on the App Store. Google's authentication "algorithms?" are pretty open.

  • Bushwhack
    Community Member
    edited March 2014

    I wanted to give an update to anyone interested in this implementation. I found a jacky way to accomplish this. This currently only works for Facebook, Gmail and Dropbox using URL Schemes.

    First I turned on 2 Factor Authentication for each individual site I wanted to use it on and set up app auth login using an app called Authy.

    Then for every login I have (Facebook, Dropbox, Gmail) I went to each individual login page in 1Password and added a 2nd website address for each login. I changed the name of the website field for this to "Two Factor Code" and put as the address for each login respectively:

    authy://open/facebook
    authy://open/gmail
    authy://open/dropbox

    This way, utilizing 1Password to get the password for each login then has a button that says, for example, "open/gmail".
    Tapping on this uses URL schemes to switch over to Authy rather quickly, giving you the next step of your login process: the two-factor code.

    Since 1Password and Authy can both have quick PINs enabled, it's pretty secure migrating from one to the other as well.


    Plus, utilizing an app like Launchpad Pro, you can set up custom actions such as:
    Gmail Login using the URL: onepassword4b://search/Google

    Which will forward you to 1Password beta with the Google logins pulled up in a search. Input your password wherever you need to, tap the Two Factor field and get shot away to the two-factor login in Authy and get your code. No more double tapping and switching through a lot of different apps.

  • Wow @bushwhack, that's pretty cool!

  • skylarp
    Community Member

    @Bushwhack, what an awesome idea! Thanks for the tip.

  • Bushwhack
    Community Member

    No problem @skylarp
    Another fun tip: you can reference other apps such as Hover by going into Authy and renaming the token in settings to "Hover", which is case sensitive, then like as: authy://open/Hover

  • skylarp
    Community Member

    Thanks again! I also figured out that you can open tokens with spaces in them by replacing the spaces in your URL with %20: authy://open/long%20service%20name

This discussion has been closed.