System (Super Contributor), 2 years ago
Feature request: Unlock 1Password with a Yubikey
This discussion was created from comments split from: Works with yubikeys? iPhone Pin protection ?.
gosmond (New Contributor), 2 years ago
Hi Dave --
The reason I'd like to use a Yubikey+PIN, preferentially, vs. the other options you described, is that in my view it can be configured so that it is a more-secure means of authentication in a wider range of threat scenarios.
I.e. TouchID is very secure, until a bad actor or law enforcement compels you to use TouchID to unlock something. As there is no PIN or password required this can be done against the fingerprint-owner's will, even when the owner is unconscious.
Account password alone is reasonably secure, until a bad actor or LE uses keystroke loggers, hidden cameras, or even advanced keyboard audio analysis to intercept the password as you type it.
Apple Watch may or may not be secure but it is exceedingly expensive, bulky, and difficult to keep "backup units" on-hand in case it is lost, damaged or stolen.
With multiple YubiKeys configured, esp. the tiny form-factor Nano series, it is possible to authenticate BOTH with something you have (the device) and something you know (the PIN).
Unlike the other methods you describe, it is much harder for a bad actor to compromise your means of authentication without you knowing. If the physical Yubikey is stolen or seized, without the PIN it cannot be used.
If the PIN code is perhaps remotely compromised (via keyboard logging, video/audio keypress interception, etc.), the attacker still also must physically possess the Yubikey device to authenticate successfully.
It is still possible for it to be compromised but it requires hurdling of _both_ the "something you know" and "something you have" barriers.
Additionally and separate from the above concerns, with a physical token + PIN required, and multiple backup tokens configured & securely stored in obscure locations, it is possible to self-enforce a no-access policy to the device by ditching or destroying any tokens in one's possession. In that case it is not even possible for an attacker to compel authentication/access, even under the worst forms of coercion.
(But access could be restored at some later time, i.e. by retrieving a hidden/scattered backup token at a later date.)