I'm coming from LastPass, and am trying 1P for a few days. The lacking ability to use YubiKey instead of my master password in Windows is nearly a dealbreaker. Because I use a business laptop, I can't even use Windows Hello fingerprint somehow. On Android it works very nice, but typing my 30+ complicated master password every 15 minutes is really frustrating. I'm still figuring out if it's worth the switch...
@Drijfhout With 1Password you don't need to use a 30+ character master password.
Your data is protected on 1Password's servers by your master password and secret key. An attacker cannot access your account without successfully guessing both at the same time. This is mathematically infeasible for master passwords of >14 characters.
Your data is protected on your device by your master password and your device's security. If your device's user account is protected with a passcode, password and/or biometrics then a master password of >14 characters is more than sufficient.
This is more secure than using your YubiKey in place of the master password because your master password is used to encrypt your vault, while the YubiKey is typically just used as a form of authentication. Adding YubiKey based two factor authentication to protect a server account is very powerful. Adding authentication steps to your local client app feels secure, but it can easily be bypassed by an attacker with access to your unlocked device because they don't need to use the app. For example, they can copy your database to their device, install a keylogger to capture your master password and decrypt your vault on their own device.
My recommendation would be to choose a unique master password of >14 characters that you find easy to type. You shouldn't need to type it every 15 minutes. If you don't have the desktop app installed then in the browser click on 1Password extension -> Settings -> Settings. If you do have the desktop app installed then in the app click on 1Password menu -> Settings -> Security.
Thank you for your response. I understand your reply. A shorter master password makes it more usable, but nevertheless, the use of a hardware key to unlock 1p is much more user friendly. Or fingerprint for that matter.
I have the desktop app installed, but unfortunately I still cannot use the fingerprint of Windows Hello.
And I have a few desktops without a fingerprint as well, so unlock with YubiKey is much appreciated.
One more thing, is it possible to disable the locking of Firefox addon completely? I mean even when closing Firefox? One PC isn't leaving the house. I understand the security risk, but would like to know if it's possible.
@Drijfhout If the length of your master password is driving you to find ways of avoiding entering it then it is not helping your security. As with most things there needs to be a compromise. However, I agree that biometrics is much more convenient and encourages use of stronger passwords. My company doesn't allow use of the fingerprint reader on our laptops which tends to lead to passwords which only just meet the company requirements.
You can set 1Password so that you only need to enter the master password once per power cycle. In the browser, click on 1Password extension -> Settings -> Settings and make sure that "Integrate with 1Password app" is checked. In the desktop app, click on 1Password menu -> Settings -> Security and set "Lock after computer is idle" to never.
Thanks for the assist @rootzero.
If you have any further questions @Drijfhout, just let us know!
No further questions. Although a bit disappointed about these few missing functionalities. I understand the why, but I would choose a bit more for convenience versus safety.
Understood, thank you for the feedback.