Read first: Previous version support information

Yubikey instead of Master Password

Options
tplas
tplas
Community Member
in 1Password 7 for Windows

I don't understand why Yubikey cannot be used instead of 1Password's Master Password. --other than perhaps that "U2F isn't supported by all 1Password apps just yet". Are there any other reasons?

I am extremely uneasy about having to enter my Master Password so often on my desktop. Sure, I've got it set up to use Windows Hello for most usage, but I still have to enter Master Password at least once/day. And every single time I worry: What is my exposure if someone has managed to get a key logger onto my computer? --But I simply wouldn't have to worry about that, if I were using my Yubikey instead of my Master Password. I would dearly love to have a physical key to unlock my 1Password, rather than simply typing something on a keyboard.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Referrer: forum-search:Yubikey instead of master password

Comments

  • Jack.P_1P
    Jack.P_1P
    Options

    Hey @tplas:

    Generally speaking, while it's technically possibly to use the static password feature of certain Yubikeys instead of the account password, this isn't something we really recommend, because of the risks inherent with physical keys: loss of the key, theft of the key, etc.

    Additionally, it's important to keep in mind that if your device is compromised, it isn't just your account password that has potentially been keylogged, it's everything else you've done on the computer.

    We're exploring additional options that would allow Windows Hello to persist across reboots on TPM 2.0 enabled devices, so keep an eye out for updates!

    Jack

  • tplas
    tplas
    Community Member
    Options

    Jack- I'm not really looking for simple substitution of Yubikey for a password. I'm wishing for full-on U2F. But for whatever reason 1Password seems to actively resist support of U2F (or physical keys in general?). That's disappointing.

    And yeah, I recognize that key loggers can compromise other stuff, but I'm especially worried about something capturing access to the keys to the entire kingdom in one fell swoop, my password vault.

    So yes, Win Hello persistence across reboots would indeed help. I really do like the way 1P works with face-ID on iOS. And TPM requirement certainly would make sense for that persistence.

  • Jack.P_1P
    Jack.P_1P
    Options

    Hey @tplas:

    Thanks for following up on this. We're always looking at places we can make improvements here, so thanks for letting us know. In the meantime, stay tuned for more updates on Windows Hello persisting across reboots. Thanks again for your feedback here as we work to make 1Password the best it can be!

    Jack

This discussion has been closed.