Feature request: Hardware lock individual vaults

Question

I would like to create a vault that is locked to my hardware (FIDO2) keys. That is, separate from the app login, if I try to access this vault, I should get prompted for my YubiKey.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

1p_dave · Answer

Hello cobaltjacket! 👋

Thank you for the suggestion! 1Password uses security keys for two-factor authentication however the security of your vaults is primary based on encryption, not authentication. You can read more here:

Authentication and encryption in the 1Password security model

When 1Password is locked, your account password is required to unlock the app because it is the secret that decrypts the items in your vaults. Requiring a security key to access certain vaults after you've already unlocked 1Password could arguable be a form of "security theatre" since that vault's information would already have been decrypted when you entered your account password and an attacker would just need to locate that decrypted information on your device rather than providing a security key to access the vault in the app.

Can you tell me a little more about why you'd like to see such a feature? Let me know if I misunderstood the suggestion.

-Dave

Forum Discussion

Feature request: Hardware lock individual vaults

1 Reply

Featured discussions

November at 1Password: the Access-Trust gap, planning your estate, and an updated unlock experience

Recent discussions

Native Password AutoFill Extension macOS

1Password 8.11.22 not available for Chrome and Firefox

How to Reveal Entire Credit Card Number

enable auto-fill for localhost (local IP network device) websites

I didn't reset nightly version