Yubikey Neo support for 1Password?

JHerig
Community Member

Now that YubiKey has created their SDK for working with the Yubikey Neo on iOS 11 (seen here), will AgileBits be adding support?




Comments

  • bknightly
    Community Member

    I saw the same article this morning as @JHerig and am wondering the same. Any anticipated timeline for NFC support with the 1Password iOS app? Thanks!

  • No definite plans that I’m aware of at this point, but definitely cool technology and we’ll be keeping an eye on it.

    Ben

  • captbrando
    Community Member

    Ben:

    One of the things you can do with the Yubikey is attach a PIN to the device (or, in reality, change the default PIN) so that you can do a more traditional 2FA authentication. With the very strong passwords that the subscription service requires, this would add both convenience and added security to the vaults.

    The Yubikey (or one of the authorized keys, remember, you want a backup) would be presented to the machine via USB, touched to activate, and then a PIN entered before the vault could be unlocked. Something similar would happen on the mobile side as well.

    I’m less concerned about the mobile side, but much more concerned about the desktop side—especially since my machine locks itself multiple times throughout the day. Add in the very lengthy password and there is some productivity lost every day. To the point where I am preferring the Apple Keychain over 1Password.

    Also, just sayin, LastPass implemented it right out of the gate :)

  • AGAlumB
    1Password Alumni

    Thanks for chiming in! As Ben mentioned, it's something we can consider adding in the future. Though, notably, that wouldn't work anyway unless you're using a 1Password.com account. And we already have two-factor authentication there.

    However, it's impossible to have a second when there is no authentication, as with local vaults. And it sounds like you're not talking about using YubiKey as a second factor anyway, if it's in lieu of entering your Master Password. That would be single factor. But thank you for letting us know that you'd specifically like us to add support for YubiKey to 1Password. Cheers! :)

  • DaveFL
    Community Member

    Another vote for Yubikey Neo support. Would be a nice addition for membership users.

  • Thanks for the feedback @DaveFL. :)

    Ben

  • kenkho
    Community Member

    Please add Yubikey for 2FA.

  • Thanks for the suggestion, @kenkho.

    Ben

  • seanpowell
    Community Member

    Another vote for Yubikey!

  • Thanks for sharing your input, @seanpowell.

    Ben

  • prime
    Community Member

    Another vote :+1:

  • Thanks, prime.

    Ben

  • danielhf
    Community Member
    edited August 2018

    +1

    This is huge and seems pretty obvious for a security product. Additionally, the fact that the only 2FA option for 1Password utilizes a mobile app (Google Authenticator, Authy, etc.) with a QR-code-based one-time password is far from ideal. If I am a user of 1Password and I'm taking advantage of all its features, I will not have one of the mentioned authenticator apps on my phone—I will be using 1Password to handle my 2FA QR-code-based OTPs. If that is the case, I think the issue is pretty obvious.

    I'd like to see Yubikey NEO added as an option for 2FA in addition to SMS, since I don't want to have to keep Authy/Google Authenticator on my iPhone as just an app to manage 2FA for 1Password.

    I've used 1Password personally for years, but LastPass at my employer's. I love that 1Password has the ability to manage OTPs (unlike LastPass), but LastPass's support for Yubikey NEO has me on the fence. I'd love to see this taken care of 😉

  • Ben
    edited August 2018

    Thanks for your perspective on this @danielhf. Obviously we need to carefully evaluate any features that allow someone access to a 1Password account, but we are looking into how/if YubiKey's offering might fit into the 1Password ecosystem.

    Ben

  • AGAlumB
    1Password Alumni

    @danielhf: U2F is being considered because it offers a security benefit. We're not adding SMS.

  • danielhf
    Community Member

    Thank you @Ben and @brenty for the prompt responses.

    I understand why you wouldn't want SMS from a security perspective. My point in mentioning SMS was specifically that it was a 2FA option that didn't require an application for which 1Password was already satisfying the need. I'd love to see U2F and Yubikey support.

  • :+1: :)

    Ben

  • prime
    Community Member

    SMS is the worst there is. It shouldn’t be used anymore at all for a 2nd factor, but sadly banks still use this.

  • AGAlumB
    1Password Alumni

    I'd say email is worse, but it's a close call. ;)

  • nightyear
    Community Member

    Another vote for Yubikey Neo support for 1Password iOS.

    As an aside, I love that AgileBits stays on the forefront but not the bleeding edge of security issues, and for your well-reasoned explanations of why you support and use various technologies or standards. I wish every vendor I did business with would do likewise. Keep up the great work :)

  • Thanks for the kind words and feedback, @nightyear. :)

    Ben

  • webpeaks
    Community Member

    Another vote for Yubikey Neo support for 1Password iOS.

    Best regards
    Tom

  • :+1:

    Ben

  • This content has been removed.
  • Thanks @JamesHenderson. We do have support for Duo at some membership levels which may offer a more true “2FA” experience. We will continue to evaluate how Yubikey may fit into the equation, though.

    Ben

  • This content has been removed.
  • 1Password Teams and 1Password Business, yes.

    Ben

  • AGAlumB
    1Password Alumni

    it doesn't truly have 2 factors as I understand it to be defined (something you know and something you have).

    @JamesHenderson: That's not inherently true. You're welcome to use a dedicated device for two-factor authentication. An old phone will work, even without any internet access. :)

This discussion has been closed.