Use of U2F on iPadOS

Hi @brank I completely agree with you. There are sites though that do offer Yubikey as the single second factor. I for example habe it set up that way on my Namecheap account, SimpleLogin, YouTube and some others. So it does exist but very little.

This is an exciting new feature in 1Password, and not to take away from AgileBits credit in any way for innovating, but it's largely a useless feature, due to no fault of AgileBits.

Most websites that support YubiKeys also require that a secondary authentication mechanism exist. Because companies dont want to deal with customer service issues when customers lose their YubiKeys and are permanently locked out of their data. So companies that support YubiKeys also have an SMS backup, Email backup, etc. And generally mandate such a secondary 2FA be set up.

Essentially this means security is only as good as the weakest link, usually SMS due to SIM swapping attacks, and the YubiKey is largely ceremonial.

One website I setup YubiKey on is Gmail and when I log in, it prompts me for it, but I click "authenticate another way" and then use Google Authenticator function, from within 1Password, to generate a 6 digit code, because it's far easier than getting the YubiKey.

If websites ever allow YubiKey to be the single source of 2FA then this will be a fantastic feature, although I never see that happening.

Just an update for anyone that finds this thread in the future.

The YubiKey 5C NFC works flawlessly on an iPad via USB-C (iPad Mini 6 in this case).

There is also no NFC, USB-C is the only option to use U2F.

Hi @ag_ana thanks for your reply. I do understand that. But why not make it optional which second factor to use. For example I only now use 1Password on devices that support U2F so I do not have any need for an authenticator code anymore and would happily switch that off for a certain degree in added security for my account :)

@JohnnyFJohnsson:

Until every 1Password app on every operating system supports security keys, we need to keep the authenticator app option there, or you would not be able to login on certain platforms.

Hi 1P_Ben, we spoke about it in another thread I opened which is now closed: Since iPadOS and iOS both support U2F is there a plan to allow users to disallow authenticator/code-based 2FA and only activate U2F for thei accounts? Thanks :)

Oddycm

It appears modern iPad Pros have NFC:
https://en.wikipedia.org/wiki/List_of_NFC-enabled_mobile_devices
and as such would be able to work with the NFC-enabled keys listed

If the answer weren't changing in less than a week I'd say that perhaps we should've added an asterisk to say that keys cannot connect to iOS/iPadOS devices via USB-C and are only compatible with NFC-enabled devices.

Ben

I think you meant @Rudy not @Ruby.

Thank you, @ruby. Yes, I understand that U2F is strictly a second factor on logon.

Perhaps I misunderstood the documentation, but does this page not state that the Yubikey 5C NFC is usable on an iPad (with USB-C in this case, since I believe most iPads do not have NFC)?

Oddycm,

It does not. Once you update to iOS 15 and 1Password 7.8 next week that will be a different answer.

It also does not act as a replacement for the master password, it is solely used when adding a new device to your account as a two-factor authentication.