Yubikey Neo support for 1Password?

JHerigJHerig
Community Member

Now that YubiKey has created their SDK for working with the Yubikey Neo on iOS 11 (seen here), will AgileBits be adding support?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

«1

Comments

  • bknightlybknightly
    Community Member

    I saw the same article this morning as @JHerig and am wondering the same. Any anticipated timeline for NFC support with the 1password iOS app? Thanks!

  • BenBen AWS Team

    Team Member

    No definite plans that I’m aware of at this point, but definitely cool technology and we’ll be keeping an eye on it.

    Ben

  • captbrandocaptbrando
    Community Member

    Ben:

    One of the things you can do with the Yubikey is attach a PIN to the device (or, in reality, change the default PIN) so that you can do a more traditional 2FA authentication. With the very strong passwords that the subscription service requires, this would add both convenience and added security to the vaults.

    The Yubikey (or one of the authorized keys, remember, you want a backup) would be presented to the machine via USB, touched to activate, and then a PIN entered before the vault could be unlocked. Something similar would happen on the mobile side as well.

    I’m less concerned about the mobile side, but much more concerned about the desktop side—especially since my machine locks itself multiple times throughout the day. Add in the very lengthy password and there is some productivity lost every day. To the point where I am preferring the apple keychain over 1password.

    Also, just sayin, LastPass implemented it right out of the gate :)

  • AGAlumBAGAlumB
    1Password Alumni

    Thanks for chiming in! As Ben mentioned, it's something we can consider adding in the future. Though, notably, that wouldn't work anyway unless you're using a 1Password.com account. And we already have two-factor authentication there.

    However, it's impossible to have a second when there is no authentication, as with local vaults. And it sounds like you're not talking about using YubiKey as a second factor anyway, if it's in lieu of entering your Master Password. That would be single factor. But thank you for letting us know that you'd specifically like us to add support for YubiKey to 1Password. Cheers! :)

  • DaveFLDaveFL
    Community Member

    Another vote for Yubikey Neo support. Would be a nice addition for membership users.

  • BenBen AWS Team

    Team Member

    Thanks for the feedback @DaveFL. :)

    Ben

  • kenkhokenkho
    Community Member

    Please add Yubikey for 2FA.

  • BenBen AWS Team

    Team Member

    Thanks for the suggestion, @kenkho.

    Ben

  • seanpowellseanpowell
    Community Member

    Another vote for Yubikey!

  • BenBen AWS Team

    Team Member

    Thanks for sharing your input, @seanpowell.

    Ben

  • primeprime
    Community Member

    Another vote :+1:

  • BenBen AWS Team

    Team Member

    Thanks, prime.

    Ben

  • danielhfdanielhf
    Community Member
    edited August 2018

    +1

    This is huge and seems pretty obvious for a security product. Additionally, the fact that the only 2FA option for 1Password utilizes a mobile app (Google Authenticator, Authy, etc.) with a QR code-based-one-time-password is far from ideal. If I am a user of 1Password and I'm taking advantage of all its features, I will not have one of the mentioned authenticator apps on my phone—I will be using 1Password to handle my 2FA QR-code-based OTPs. If that is the case, I think the issue is pretty obvious.

    I'd like to see Yubikey NEO added as an option for 2FA in addition to SMS, since I don't want to have to keep Authy/Google Authenticator on my iPhone as just an app to manage 2FA for 1Password.

    I've used 1Password personally for years, but Lastpass at my employers. I love that 1Password has the ability to manage OTPs (unlike Lastpass), but Lastpass's support for Yubikey NEO has me on the fence. I'd love to see this taken care of 😉

  • BenBen AWS Team

    Team Member
    edited August 2018

    Thanks for your perspective on this @danielhf. Obviously we need to carefully evaluate any features that allow someone access to a 1Password account, but we are looking into how/if YubiKey's offering might fit into the 1Password ecosystem.

    Ben

  • AGAlumBAGAlumB
    1Password Alumni

    @danielhf: U2F is being considered because it offers a security benefit. We're not adding SMS.

  • danielhfdanielhf
    Community Member

    Thanks you for the responses @Ben and @brenty for the prompt responses.

    I understand why you wouldn't want SMS from a security perspective. My point in mentioning SMS was specifically that it was a 2FA option that didn't require an application for which 1Password was already satisfying the need for. I'd love to see U2F and Yubikey support.

  • BenBen AWS Team

    Team Member

    :+1: :)

    Ben

  • primeprime
    Community Member

    SMS is the worst there is. It shouldn’t be used anymore at all for a 2nd factor, but sadly banks still use this.

  • AGAlumBAGAlumB
    1Password Alumni

    I'd say email is worse, but it's a close call. ;)

  • nightyearnightyear
    Community Member

    Another vote for Yubikey Neo support for 1Password IOS.

    As an aside, I love that Agilebits stays on the forefront but not the bleeding edge of security issues, and for your well-reasoned explanations of why you support and use various technologies or standards. I wish every vendor I did business with would do likewise. Keep up the great work :)

  • BenBen AWS Team

    Team Member

    Thanks for the kind words and feedback, @nightyear. :)

    Ben

  • webpeakswebpeaks
    Community Member

    Another vote for Yubikey Neo support for 1Password IOS.

    Best regards
    Tom

  • BenBen AWS Team

    Team Member

    :+1:

    Ben

  • JamesHendersonJamesHenderson
    Community Member

    +1 for Yubikey New for Mac and iOS. I really like 1Password* and wouldn't change it for anything, but it doesn't truly have 2 factors as I understand it to be defined (something you know and something you have).

    *...except for some v7 UI topics)

  • BenBen AWS Team

    Team Member

    Thanks @JamesHenderson. We do have support for Duo at some membership levels which may offer a more true “2FA” experience. We will continue to evaluate how Yubikey may fit in to the equation, though.

    Ben

  • JamesHendersonJamesHenderson
    Community Member

    @Ben cheers. The Duo is just for business use though, isn't it?

  • BenBen AWS Team

    Team Member

    1Password Teams and 1Password Business, yes.

    Ben

  • AGAlumBAGAlumB
    1Password Alumni

    it doesn't truly have 2 factors as I understand it to be defined (something you know and something you have).

    @JamesHenderson: That's not inherently true. You're welcome to use a dedicated device for two-factor authentication. And old phone will work, even without any internet access. :)

  • JamesHendersonJamesHenderson
    Community Member

    @brenty ...well blow me over and call me windswept. When did you sneak that in?

  • JamesHendersonJamesHenderson
    Community Member

    oh hang on; It's only for the first use on a new device though. ...so better than I thought but still not "proper" 2 factor.

This discussion has been closed.