Additional Two-Factor
Hi all,
I couldn't find a forum post here to add my +1, but I just wanted to throw my hat in the ring to really see if this can make it into 1Password. I know that there's always a tradeoff between convenience and security, but I have ~800 passwords in my vault, and have credentials which--if in the wrong hands--could deal some major damage, so I'm willing to forego convenience for additional layer on the umbrella.
I moved from Passpack which offers Yubikey authentication into their web portal. I know that sticking a Yubikey into one's iPhone is a no-go (at least that I know of? I suppose you could get the OTP on the computer and use shared clipboard in Sierra to paste it in), but on the desktop/web version, it really would be nice if this were a thing. There are methods to bypass the login screen on a locked OS X machine and then it's a matter of an attacker installing a keylogger, and the game is over. It's just really high risk for me and in order to mitigate a disaster, I really need a way to protect our vault with a OTP in addition to the master password.
Best,
Dan
1Password Version: 6.3.1 (631006)
Extension Version: 4.5.7.b4
OS Version: macOS 10.11.5 (15F34)
Sync Type: Not Provided
Comments
-
Doesn't the account key achieve this already? You'd need both your master password and either account key or device to be compromised.
Or are you talking about someone getting hold of your laptop, installing a keylogger and later getting hold of your laptop again?
0 -
Hi folks!
Doesn't the account key achieve this already?
It does. :)
Understanding the Account Key
I hope that helps. Should you have any other questions or concerns, please feel free to ask.
Ben
0