Hardware token 2FA support?
I want to add to the many posts for this.
I really think more choices like YubiKey, Google Authenticator and similar stuff would be beneficial to users.
Thanks
Comments
-
@juju1 doing this wouldn't add any security.
Hardware tokens are for authentication not encryption.
- You can use a YubiKey to log into Gmail. Google can read your messages.
- You can't use a YubiKey to log into 1Password. AgileBits cannot see your passwords.
I've oversimplified here so read the fuller explanation below.
Authentication and encryption in the 1Password security model
Encryption is better than authentication and most people wouldn't feel comfortable with sacrificing security just to introduce a hardware token.
0 -
I want to add to the many posts for this.
I really think more choices like YubiKey, Google Authenticator and similar stuff would be beneficial to users. Thanks
@juju1: Thanks for letting us know! As darrenNZ alluded, 1Password's security isn't based on authentication — essentially access permissions — and it isn't possible to use authentication at all with the "standalone" version of 1Password using local vaults.
However, 1Password.com accounts, in addition to using encryption-based security, do have an authentication component, so perhaps we'll do something in this area in the future. We do want to be sure that it actually provides a security benefit though, and that we're not just giving people a gun to shoot themselves in the foot with, not understanding that there is no backdoor if they lose access to their authenticator. Cheers! :)
0 -
Thanks for the feedback.
My interest is more on the authentication side and 1Password for Teams, so cloud-based.
It's not for a replacement but a complement, like for Gmail: I can log in with password or password+2FA, be it text message, Google Authenticator, Google invite, multiple YubiKeys. For me, 2 use cases:
- General use of 2FA and resilience against interception/password stealing. OTP and hardware tokens make it harder.
- Recovery. Either as a dedicated password or secret key, a token can be used, dedicated ideally.
0 -
Thanks for clarifying! That's really helpful. I can't say much more right now, but this is an area we're interested in and it's good to know the specific functions you're looking for. :)
0