I use 1Password on my Android device. I have fingerprint unlock on my Android. I use the fingerprint to unlock my 1P mobile app as well. I consider this next to essential, due to the amount of times I access 1P on my Android on a given day. If I have to enter my Master Password each time I want to use 1P - which I set up to be as entropic(?) as possible while still being memorable - it will be a nightmare, especially on the tiny keyboard.
With this setup however, if my device is stolen and my fingerprint unlock is compromised, so is my 1P. A good Master Password becomes useless, because I am essentially bypassing it.
Therefore, I was looking at getting a U2F hardware key to help with this. I have several questions though.
If the answer to #1 is 'Yes', my authenticator app would also be on my Android. If the Android were stolen and compromised to become unlocked, a malicious actor would have access to the authenticator as well.
I see that if you forget your 2FA, you can log into 1P from an 'authorized' device/browser and turn off 2FA. Does my Android become an authorized device as soon as I log in successfully? Would that mean I don't need to use 2FA on subsequent logins? I would want the U2F key to be used each time for my Android.
Can you require U2F for certain devices only and have others only require the master password? Ideally, my desktop wouldn't require it, as I am not concerned with 2FA on my desktop. The likelihood of it be stolen from my home and the OS password compromised is low. In that event, I am fine relying on the Master Password to protect 1P information.
If I must enable TOTP for U2F, what if I were to use 1P to manage the TOTP? I understand that this may be akin to 'locking the keys to the castle inside of the castle'. It would be useless to actually unlock 1P, but I could then rely on an 'authorized device' to turn off 2FA if I were to ever lose/break my U2F key.
My ideal scenario would be:
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided