AndreasRinner
1 month ago · New Contributor
1Password as virtual Smartcard
Hello,

the January Microsoft Update and the general security issues that may arise when using autotype features on user/password prompts made me think about what would be a solution for cases where the current 1Password can't replace passwords.

See https://4sysops.com/archives/autofill-credentials-into-the-windows-authentication-dialog-fails/ for 1Password autotype (drag & drop and "Quick Access"). Because 1Password is a modern "WindowsApps" application, it can't have the required `uiAccess='true'` by default. Having a process running elevated as admin is not a solution for me either.
In any case, the risk of autotype accidentally typing into the wrong window arises when applications open or close at the wrong time. Therefore, Autotype is not a very secure solution, but sometimes it is required.
In some environments, the solution might be for 1Password to provide a virtual smartcard, while in others it might be a virtual FIDO2 device. I guess there are security design limitations that will prevent a "vFido2" device. In that case, how about using a virtual smartcard so that the option "Use smartcard for this connection" ("Smartcard für Verbindung verwenden") can be selected?

As per https://learn.microsoft.com/en-us/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started, there might be a way to shift that to 1Password, to be able to use the smartcards on different computers, share them and maybe make a central deployment for that 😛

Don't use the following Microsoft virtual smartcard in every secure environment, but for some it may be enough. It uses the TPM, so it already has some security measures built in, but it cannot be unplugged/replugged like a physical one. So here is a screenshot of what Microsoft describes on the page linked above as the default virtual smartcard creation, including creation of a virtual reader:
How I think it could work if 1Password had a virtual smartcard and a virtual reader:

1. Install the virtual reader the same way the "SSH agent" installation process is done.
2. Create an empty virtual smartcard (maybe with 15 slots).
3. Now the default provisioning process could start to generate the keys through Microsoft certmgr.
4. Alternatively, the virtual smartcard could be shared through 1Password with someone who is in charge of configuring it.
5. Maybe there is a requirement for redirected virtual smartcard readers as well, so that you could use them on virtual machines and terminal servers after doing RDP to a target without 1Password installed, but only with that driver.
6. 1Password should be in charge of changing the smartcards in the virtual smartcard reader and will remove the smartcards when requested by user/time/lock/standby.
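The Microsoft TPM virtual smartcard flow referenced above, as an added example that is not part of the original post or of 1Password: it drives the tpmvscmgr.exe, certutil.exe and certreq.exe tools that ship with Windows from an elevated PowerShell prompt; the card name, certificate subject and device instance id are constructed placeholders.

```powershell
# Added example (not from the post or from 1Password): creating, verifying and
# removing a Microsoft TPM-backed virtual smartcard. Run from an elevated prompt.
# "ExampleVSC", "CN=example-user" and the instance id are constructed values.

# 1) Create the virtual smartcard together with its virtual reader.
#    PROMPT asks for the admin key and PIN interactively instead of using the
#    documented defaults; /generate formats the card so it is immediately usable.
tpmvscmgr.exe create /name "ExampleVSC" /AdminKey PROMPT /PIN PROMPT /generate

# 2) Confirm the reader and the card are visible to the smartcard subsystem.
certutil.exe -scinfo

# 3) Generate the key pair on the card (the key-generation step of the proposal).
#    The post mentions certmgr; this uses an equivalent certreq.exe INF that
#    pins the key to the smartcard KSP so the private key never leaves the card.
@"
[NewRequest]
Subject = "CN=example-user"
KeyAlgorithm = RSA
KeyLength = 2048
Exportable = FALSE
ProviderName = "Microsoft Smart Card Key Storage Provider"
RequestType = PKCS10
HashAlgorithm = sha256
"@ | Set-Content -Path "$env:TEMP\vsc-request.inf" -Encoding ASCII

certreq.exe -new "$env:TEMP\vsc-request.inf" "$env:TEMP\vsc-request.csr"
# Submit vsc-request.csr to the enterprise CA, then install the issued
# certificate onto the card with:  certreq.exe -accept <issued.cer>

# 4) The card cannot be unplugged like a physical token, so remove it explicitly
#    when it is no longer needed. The instance id is printed by the create step
#    (the value below is the placeholder used in Microsoft's documentation).
# tpmvscmgr.exe destroy /instance "ROOT\SMARTCARDREADER\0000"
```

The PIN policy and attestation switches that tpmvscmgr also accepts are left at their defaults here; a hardened deployment would set them explicitly.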