U2F Security Key on Desktop Feature

I understand that U2F is currently only supported on web version and mobile (IOS, Android).

I'm wondering if there are any currently ongoing efforts, or planned efforts, to implement U2F in the native desktop applications?
Also, if this was done would you also allow for the removal of TOTP for users to just make use of U2F?

Thanks.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_anaag_ana

    Team Member
    edited July 11

    Hi @Oddycm! Welcome to the forum!

    I'm wondering if there are any currently ongoing efforts, or planned efforts, to implement U2F in the native desktop applications?

    We don't have any timeline to share at the moment, but it's certainly something that we are aware of :+1: I will add your feedback to the internal discussion we use to track this.

    Also, if this was done would you also allow for the removal of TOTP for users to just make use of U2F?

    Maybe yes, although this would be something for the security team to ultimately decide. If we get to a place where all of the apps support U2F, this is definitely a discussion that we will have.

    ref: dev/apple/issues#4130

  • ..... waiting patently for this..... :lol:

  • ag_anaag_ana

    Team Member

    :+1::)

  • I would really love it if you just allow us to disable TOTP now. I use 1PX and the Android app. The desktop app provides very little additional utility compared to 1PX and I probably haven't used it in months at this point. Give us a little warning when we try to disable it telling us what we'll be locked out of.

  • BenBen AWS Team

    Team Member

    Thanks for the feedback @LLemon. We're not in a position to do that now, but I appreciate your passion for U2F and we'll continue to evaluate how to best move forward.

    Ben

  • No U2F support for macOS native app, 1PX is not available for Safari. Not much secure :(

  • BenBen AWS Team

    Team Member
    edited August 14

    2FA (of which U2F is a sub-section) only plays a small role in protecting your 1Password account. You may be interested to read about the role of 2FA as it relates to 1Password. My colleague Daniel wrote about this in a forum post, here:

    When will 1password prompt for 2fa? — 1Password Forum

    Unlike most services, end-to-end encryption, the keys for which only you have, is the primary thing protecting your data. That isn't to say we don't have an interest in supporting U2F more broadly... we do. But it isn't incredibly high on the priority list, as there are much more important and stronger measures that are in use to protect 1Password data.

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file