It’s currently limited to 1Password.com on supported browsers.

What you need to know

  • 1Password now works with U2F security keys for two-factor authentication.
  • Two-factor authentication was first added to 1Password in 2018.
  • Keys are currently limited to supported desktop browsers.

1Password, my personal password manager of choice, is getting a big upgrade to make it even more secure than it previously was. After rolling out support for two-factor authentication via authenticator apps in 2018, 1Password now works with physical U2F security keys.

U2F security keys work with 1Password using a new API called WebAuthn, with 1Password developer Jasper Patterson saying:

We’re excited to be among the first services to adopt this new browser standard. WebAuthn is backwards-compatible with U2F, so all certified U2F security keys will work with our WebAuthn-enabled flow.

1Password is implementing U2F keys as a new method of secondary authentication. In other words, while you’ll still need to have an authenticator app set up on your phone, you’ll be able to use the key to approve the second authentication step rather than getting the code from your phone.

You can use a variety of U2F keys with 1Password, including ones from Yubico and Google’s own Titan key. As long as it supports U2F, it’s good to go.

Right now, U2F keys work on 1Password’s desktop website with Chrome, Firefox, Opera, Edge, and support for Safari 13 in the fall. Unfortunately, if you’re using 1Password’s desktop or mobile apps (or a browser that’s not supported), you’ll need to keep on using the two-factor app on your phone.

It’s unclear if/when 1Password will bring U2F key support to its apps, but even with that missing, this is still great to see.

Worth every penny

1Password

From $ 2.99/month at 1Password

An easy-to-use and secure password manager.

1Password makes it easy to keep track of all your online passwords while also ensuring you keep your information as secure as can be. Your subscription gives you access to unlimited passwords, 24/7 email support, and two-factor authentication that now supports U2F security keys.

« »