Yubikey Neo support for 1Password?

JHerig
JHerig
Community Member

Now that YubiKey has created their SDK for working with the Yubikey Neo on iOS 11 (seen here), will AgileBits be adding support?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

«1

Comments

  • bknightly
    bknightly
    Community Member

    I saw the same article this morning as @JHerig and am wondering the same. Any anticipated timeline for NFC support with the 1password iOS app? Thanks!

  • No definite plans that I’m aware of at this point, but definitely cool technology and we’ll be keeping an eye on it.

    Ben

  • captbrando
    captbrando
    Community Member

    Ben:

    One of the things you can do with the Yubikey is attach a PIN to the device (or, in reality, change the default PIN) so that you can do a more traditional 2FA authentication. With the very strong passwords that the subscription service requires, this would add both convenience and added security to the vaults.

    The Yubikey (or one of the authorized keys, remember, you want a backup) would be presented to the machine via USB, touched to activate, and then a PIN entered before the vault could be unlocked. Something similar would happen on the mobile side as well.

    I’m less concerned about the mobile side, but much more concerned about the desktop side—especially since my machine locks itself multiple times throughout the day. Add in the very lengthy password and there is some productivity lost every day. To the point where I am preferring the apple keychain over 1password.

    Also, just sayin, LastPass implemented it right out of the gate :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for chiming in! As Ben mentioned, it's something we can consider adding in the future. Though, notably, that wouldn't work anyway unless you're using a 1Password.com account. And we already have two-factor authentication there.

    However, it's impossible to have a second when there is no authentication, as with local vaults. And it sounds like you're not talking about using YubiKey as a second factor anyway, if it's in lieu of entering your Master Password. That would be single factor. But thank you for letting us know that you'd specifically like us to add support for YubiKey to 1Password. Cheers! :)

  • DaveFL
    DaveFL
    Community Member

    Another vote for Yubikey Neo support. Would be a nice addition for membership users.

  • Thanks for the feedback @DaveFL. :)

    Ben

  • kenkho
    kenkho
    Community Member

    Please add Yubikey for 2FA.

  • Thanks for the suggestion, @kenkho.

    Ben

  • seanpowell
    seanpowell
    Community Member

    Another vote for Yubikey!

  • Thanks for sharing your input, @seanpowell.

    Ben

  • prime
    prime
    Community Member

    Another vote :+1:

  • Thanks, prime.

    Ben

  • danielhf
    danielhf
    Community Member
    edited August 2018

    +1

    This is huge and seems pretty obvious for a security product. Additionally, the fact that the only 2FA option for 1Password utilizes a mobile app (Google Authenticator, Authy, etc.) with a QR code-based-one-time-password is far from ideal. If I am a user of 1Password and I'm taking advantage of all its features, I will not have one of the mentioned authenticator apps on my phone—I will be using 1Password to handle my 2FA QR-code-based OTPs. If that is the case, I think the issue is pretty obvious.

    I'd like to see Yubikey NEO added as an option for 2FA in addition to SMS, since I don't want to have to keep Authy/Google Authenticator on my iPhone as just an app to manage 2FA for 1Password.

    I've used 1Password personally for years, but Lastpass at my employers. I love that 1Password has the ability to manage OTPs (unlike Lastpass), but Lastpass's support for Yubikey NEO has me on the fence. I'd love to see this taken care of 😉

  • Ben
    Ben
    edited August 2018

    Thanks for your perspective on this @danielhf. Obviously we need to carefully evaluate any features that allow someone access to a 1Password account, but we are looking into how/if YubiKey's offering might fit into the 1Password ecosystem.

    Ben

  • AGAlumB
    AGAlumB
    1Password Alumni

    @danielhf: U2F is being considered because it offers a security benefit. We're not adding SMS.

  • danielhf
    danielhf
    Community Member

    Thanks you for the responses @Ben and @brenty for the prompt responses.

    I understand why you wouldn't want SMS from a security perspective. My point in mentioning SMS was specifically that it was a 2FA option that didn't require an application for which 1Password was already satisfying the need for. I'd love to see U2F and Yubikey support.

  • :+1: :)

    Ben

  • prime
    prime
    Community Member

    SMS is the worst there is. It shouldn’t be used anymore at all for a 2nd factor, but sadly banks still use this.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I'd say email is worse, but it's a close call. ;)

  • nightyear
    nightyear
    Community Member

    Another vote for Yubikey Neo support for 1Password IOS.

    As an aside, I love that Agilebits stays on the forefront but not the bleeding edge of security issues, and for your well-reasoned explanations of why you support and use various technologies or standards. I wish every vendor I did business with would do likewise. Keep up the great work :)

  • Thanks for the kind words and feedback, @nightyear. :)

    Ben

  • webpeaks
    webpeaks
    Community Member

    Another vote for Yubikey Neo support for 1Password IOS.

    Best regards
    Tom

  • :+1:

    Ben

  • JamesHenderson
    JamesHenderson
    Community Member

    +1 for Yubikey New for Mac and iOS. I really like 1Password* and wouldn't change it for anything, but it doesn't truly have 2 factors as I understand it to be defined (something you know and something you have).

    *...except for some v7 UI topics)

  • Thanks @JamesHenderson. We do have support for Duo at some membership levels which may offer a more true “2FA” experience. We will continue to evaluate how Yubikey may fit in to the equation, though.

    Ben

  • JamesHenderson
    JamesHenderson
    Community Member

    @Ben cheers. The Duo is just for business use though, isn't it?

  • 1Password Teams and 1Password Business, yes.

    Ben

  • AGAlumB
    AGAlumB
    1Password Alumni

    it doesn't truly have 2 factors as I understand it to be defined (something you know and something you have).

    @JamesHenderson: That's not inherently true. You're welcome to use a dedicated device for two-factor authentication. And old phone will work, even without any internet access. :)

  • JamesHenderson
    JamesHenderson
    Community Member

    @brenty ...well blow me over and call me windswept. When did you sneak that in?

  • JamesHenderson
    JamesHenderson
    Community Member

    oh hang on; It's only for the first use on a new device though. ...so better than I thought but still not "proper" 2 factor.

This discussion has been closed.