Feature Request: Yubikey or similar USB token instead of MP

ContinuIT
Community Member

There's a lot of talk about 2 factor authentication and whether or not it should be implemented and various security implications. What I'd really like to see is something like the ability to have 1PWD remain unlocked as long as my Yubikey/USB token is in the computer (i.e. unlock once and stay unlocked while the key is inserted and lock immediately on removal). The token/key could be registered inside 1PWD so if lost, can be revoked. I spend a huge amount of time bouncing from web service to web service and use 1PWD all the time. I would be lost without it BUT... I'm constantly having to enter my very complex master password and setting a long timeout is not an option because I don't want it to remain unlocked when I leave my desk/office (if I just unlocked it to do something quick). The use of a 2nd layer of authentication would totally solve my problem and allow me to ensure that 1PWD is locked when I'm not physically there. Pretty please....

Comments

  • Gyran
    Community Member

    You can have a long timeout and have the option "Lock when screen saver is activated" and make sure the screen saver is on before you leave your computer.

  • ContinuIT
    Community Member

    I allow others to use my computer though so this doesn't really solve my problem. Some people hot-desk too. I would prefer a physical token or proximity device that ensured it was locked when the user isn't there.

  • junnny
    Community Member

    I'm going to join the Yubikey-support feature request group by adding my own "pretty please." Just to make this request, I had to first demonstrate that I wasn't a computer by filling out one of those illegible "kapchas" and then, before I could post, send back a confirmation, proving that I'm the one who's registering in the first place. And THAT's just to put in my two cents here. It's not like I'm doing an online bank transaction, or anything :-)

    Anyways, unless the Yubikey represents a security liability, I can't see what the objection would be. I'm not a security jock or anything, but I still don't buy any reasons that argue the Yubikey only offers a little more (even negligible amount) of security -- "so why bother." If security is the only name of the game, then I would want it for that reason alone -- a totally robust Master PW, for example. But, using it could be quite convenient on top of this.

    Well, OK -- it's a request for Agilebits to support the Yubikey. I mean, is it really LESS secure? A bad idea? More trouble than it's worth? I think it's a good idea. So does Yubikey. Are they wrong? :-)

  • Meek

    Hi @ContinuIT and @junnny,

    Thanks for letting us know that you would find this feature useful!

    If you are interested in a further discussion on the reasoning behind adding a feature like this, there is an awesome thread about this - along with a great post from our Security expert Jeff Goldberg here:

    http://discussions.agilebits.com/discussion/3/feature-request-yubikey-support/p2

    Have a read through that and let me know what you think!

This discussion has been closed.