guillaume0
2 years ago · New Contributor
Use of PRF extension
Hi,
I've tried out the beta to unlock 1Password with a passkey, and it seems to work well, but I'm surprised that passkeys only serve the purpose of authentication. According to the white paper, t...
guillaume0
2 years ago · New Contributor
Hi Dave, thank you for your reply!
Yes, indeed, PRF still lacks general support, and I think that the encryption scheme you have developed is a very good and safe alternative for devices that lack support. The only problem I see is that you need a trusted device to gain access to your account, which means a YubiKey by itself is useless. It seems that up-to-date Android and Chromium browsers do support it (and probably iOS, but I can't test), so it should cover a majority of users. Maybe an idea could be to use PRF wherever it's possible, and fall back to a trusted device otherwise?
Can you tell me a little more about this? If you save your passkey for 1Password in iCloud Keychain, it will be synced and available on all devices signed into the same Apple account.
I was thinking of the following scenario: you use 1Password on your phone and it is lost. If you're able to recover your Google/Apple passkeys on another phone, you won't be able to unlock your 1Password data unless you have another device set up (or your recovery code + email account accessible without 1Password). With PRF, you would be able to decrypt the data with the passkey.
By the way, another suggestion that comes very close to this topic: I think it should be possible to recover an account with passkey + recovery code (currently, you need passkey + trusted device or email access + recovery code). My reasoning behind this is that in the event of a complete device loss (like a burglary or a fire), you may still have a YubiKey on your keyring and a safe copy of the recovery code, but not access to your email account (especially if it's stored within 1Password).
Thanks again for your explanation and being open to community suggestions!
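
The "PRF where available, trusted device otherwise" idea from the post above, written as browser-side WebAuthn code. This is an added example, not part of the original post and not 1Password's implementation; the salt value, the HKDF info string and all function names are assumptions.

```javascript
// Added example, not 1Password's code. Salt and info strings are assumed values.
const PRF_SALT = new TextEncoder().encode("example-vault-unlock-v1");

// Build assertion options asking the authenticator to evaluate its PRF on our salt.
// A real request would also carry rpId and allowCredentials from the server.
function buildPrfRequest(challenge, salt = PRF_SALT) {
  return {
    publicKey: {
      challenge,
      userVerification: "required",
      extensions: { prf: { eval: { first: salt } } },
    },
  };
}

// Decide the unlock path from getClientExtensionResults().
// Missing or short PRF output (browser or authenticator without PRF support)
// selects the trusted-device fallback instead of failing the sign-in.
function selectUnlockPath(extResults) {
  const results = extResults && extResults.prf && extResults.prf.results;
  const first = results ? results.first : undefined;
  if (!first || first.byteLength < 32) return { path: "trusted-device" };
  return { path: "prf", secret: new Uint8Array(first) };
}

// Stretch the PRF output with HKDF into a non-extractable AES-GCM key
// that can wrap and unwrap the vault key.
async function deriveWrappingKey(secret) {
  const ikm = await crypto.subtle.importKey("raw", secret, "HKDF", false, ["deriveKey"]);
  return crypto.subtle.deriveKey(
    { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(0),
      info: new TextEncoder().encode("vault-key-wrap") },
    ikm, { name: "AES-GCM", length: 256 }, false, ["wrapKey", "unwrapKey"]);
}

// Browser-only entry point: resolves to a wrapping key, or null when the
// caller has to run the trusted-device flow.
async function unlockWithPasskey(challenge) {
  const cred = await navigator.credentials.get(buildPrfRequest(challenge));
  const choice = selectUnlockPath(cred.getClientExtensionResults());
  return choice.path === "prf" ? deriveWrappingKey(choice.secret) : null;
}
```

Because the PRF output depends on both the credential and the salt, the salt has to stay the same for an account, or the derived key changes and previously wrapped data cannot be unwrapped.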