Yubikey & Mac App

Sounds good. Let me know if you have any other questions that I can help with. 🙂

-Dave

Perfect. Kind of what I thought. I will remove it. Just an FYI...here's what iOS is showing. I will delete that as well.

tokyotony

Thanks for the question. I don't recommend using a passkey as a security key when turning on two-factor authentication for your 1Password account since that use case isn't supported at the moment and you may run into issues.

When enabling two-factor authentication for your 1Password account only add hardware security keys or an authenticator app that supports one-time passwords: Turn on two-factor authentication for your 1Password account

If you've saved a passkey as a security key then I suggest that you remove it as a second factor from your 1Password account and then delete it from Keychain.

-Dave

ref: dev/b5/b5#19787

So, for good measure, I did save a Passkey on my Phone (scanned the QR code and saved it in iCloud Keychain). Is that also valid 2FA for 1P?

tokyotony

Clicking that key icon not only allows you to add a security key but it also allows you to add a passkey.

Thanks for the reply. Clicking the key icon dismisses 1Password and passes the request along to the browser which handles the the setup of the security key. Since certain browsers include the ability to save passkeys in their built-in managers they may give you the option to save a passkey instead of setting up your YubiKey.

Hopefully the flow can be made more intuitive in the future.

-Dave

Hi Dave - Perfect. Just a suggestion that perhaps the instructions should be modified to include this. Clicking that key icon not only allows you to add a security key but it also allows you to add a passkey. Thanks!

tokyotony

Thanks for the reply. It sounds like you were able to setup the YubiKey using Chrome and Brave, let me know if I misunderstood that. There is a known issue where YubiKeys setup using Firefox aren't working with the 1Password for Mac desktop app and our developers are investigating. I'm sorry for the inconvenience.

Second.... the pop up shown above is a bit confusing.

I'm sorry for the confusion. Both hardware security keys and passkeys use similar webauthn technology. When a website sends a request to save either a security key or passkey 1Password is unable to tell which type the website is trying to save and will show the passkey prompt:

Clicking on the security key icon, as you did, tells 1Password that you're trying to setup a hardware security key and not a passkey. Once you click the security key icon, 1Password will let the request pass through to the browser so that you can setup your security key. You can read more here: Save and sign in with passkeys in your browser

Let me know if you have any other questions. 🙂

-Dave

ref: dev/core/core#27958

So, to sum up. Setting up the Yubikey on Chrome and Brave works. For good measure, I tried Firefox again, and the key I created using Firefox would not let me log back in to the app.

Second.... the pop up shown above is a bit confusing. Save doesn't seem to do anything but create a new entry in 1P. Instead, if I click the Yubikey icon, I get the opportunity to then enroll a Yubikey. Seems I can also create a Passkey which I have done so on my iPhone after scanning in the QR code. The below is the link to which I followed to set up my Yubikey but no mention of this popup or ability to create a Passkey as 2FA for 1P.

https://support.1password.com/security-key/

Also, now I have 2 entries for 1Password and both just have Passkeys. Odd.

Hi Dave,

I tried both on Brave and Chrome to set up a Yubikey. I tried Brave first but didn't seem to get a way to set up at all. It just churned when I put the Yubikey in and pushed the side buttons.

I then tried Chrome. That seemed to work better, but it bring up this odd dialog box asking me if I want to set up a passkey.


At first, I clicked Save and nothing happened. Again, I clicked Save and nothing happened. I then when ahead and click the X to close the box. The 1password website showed a Yubikey had been set up. Weird. I tried it, but nothing. I thought therefore maybe a 1Password passkey was then set up on my Mac. I tried login in with it, but not go.

So, I tried again on Chrome, and the same dialog box comes up and now shows 2 passkeys saves (weird) and I decided to click the Yubikey icon at the top right. The allowed me to finally set up the Yubikey. I tried using it to log into my account, and everything is fine.

I'm really confused by the dialog box that pops up.