rednaxela123
2 years ago, New Contributor
Request: Allow log in from browser without forcing authorization from an already authorized device
Hello,
I am testing the unlock with passkey feature currently with Yubikeys. I added two Yubikeys as a passkey and I am able to use them on my iPhone and on the browser. But one thing is really a...
rednaxela123
2 years ago, New Contributor
Hello Dave and MaKolarik,
Thank you very much for these detailed explanations. I understand now the requirement of the authorization by a trusted device: it's the device which creates the encryption key, and it is stored on the device. While I understand the complexity of implementing passkey unlock, I am disappointed that the secret generated by the secure enclave, whether it's the one on the Yubikey or the biometrics of the phone, is not used to protect the 1Password master key, as I thought. So how is the secret protected now, if the passkey is only used for authentication to 1Password servers? The device's keychain security? That would mean that I delegate the quite strong protection of the current master password, known only by me, to the protection of the keychain. As I read recently, it is possible to reset the Apple ID password of a stolen phone just with the PIN code, so currently I am not convinced of Apple's way of handling keychain security. They are working on an improvement, but due to trusted locations there will still be flaws in their security. So I think I'll stick with the master password until it's possible to encrypt and decrypt the master key truly with a secret stored only on a secure external device like my Yubikeys. It's not so convenient, but at least I know that the master key will always be protected by the zero-knowledge principle.
@dave: I indeed carry around my printed secret key (without any hint what it is for, of course). It's only a phishing protection for me. You may have me robbed by some gangsters now… ;-) But, in my humble opinion, it is not possible even with the secret key to get access to or decrypt the vault of 1Password, as the master password is still in my head only. So if I stick to the scenario that only my phone gets stolen but I still have my printed secret key, I would have plenty of time to log in from a browser to get access to 1Password even on vacation, change important account passwords and, by the way, change my secret key as well. Even if the stolen phone had been unlocked, it still does not allow unlocking 1Password.

If I carried the new recovery key with me, that seems more dangerous: an unlocked stolen phone gives access to the email account, so if I also get my wallet stolen (with the recovery key), they can gain access to 1Password and I would have no way to stop it: without the provider's password from 1Password I cannot access my email account, and I cannot recover it, as the fallback of the email provider is likely the phone number of the phone which is stolen. So the thief would have plenty of time to identify as myself on 1Password and take over the account with the recovery key. You need to have really bad luck for all this to happen, but it's possible, and for me true security only works if one element is truly zero knowledge all the time (currently my master password). This does not seem to be the case with the current passkey unlock implementation.

I am sorry I had not read the white paper before. I naively thought that my good old master password would simply have been replaced by a strong key on the FIDO2 device (Yubikey, secure enclave) secured by a PIN or biometrics, but I now understand that you implemented a whole different concept. I would be glad to know the reason why it's not possible to implement it like I thought.
Of course, feel welcome to correct me or add information if I got something wrong. Besides that, being a developer myself as well, I understand that things sometimes aren't as easy as they look. Great job for continuously improving 1Password.