[Feature Request] Allow OTP and Passkeys Only from Mobile Device

I would like to request a security-focused feature related to both passkeys and OTP codes.

My goal is to enforce a workflow where passkeys and OTP codes can only be approved from my mobile device, even when I initiate login from a desktop browser.

What I’m requesting:

1. Mobile approval required for Passkeys
   • When logging into a website from my desktop, instead of immediately completing the login after unlocking 1Password, I would like a push-style approval request on my mobile device.
   • The login should only proceed after I explicitly approve it on my phone.
2. Mobile approval required for OTP autofill
   • When a site asks for a 2FA OTP code, the desktop extension should not immediately reveal or autofill the OTP.
   • Instead, the OTP should only be:
     • Visible on the mobile device
     • Auto-filled on desktop only after I approve it from the phone
3. Optional “OTP visible only on mobile” mode
   • An additional security setting where OTP codes are never displayed on desktop at all.
   • The mobile device would act as the secure second factor, and desktop would only receive the code after explicit approval.

Why this matters

Currently, unlocking 1Password on desktop (with password or biometrics) immediately grants access to passkeys and OTPs. While secure, this behaves similarly to password autofill from a user-experience perspective.

What I’m looking for is a stricter security model where:

• Desktop acts as the request origin
• Mobile acts as the approval authority

This would provide stronger separation between the device initiating the login and the device authorizing it — similar to how some authenticator apps handle push-based approvals.

It would significantly improve confidence when using passkeys and OTPs for sensitive accounts.

Is something like this planned or under consideration?

Thanks!