Wordpress sites: 2FA issue

jimthing

Website "TidBits" appears in Watchtower as having the 2FA option.

According to Adam Engst in their Slack, he had an idea this is because it's a Wordpress site...

Adam Engst:
No, we don’t have 2FA enabled for tidbits.com. I’m guessing that 1Password is seeing that we use WordPress and that there are 2FA plugins for WordPress.
Discourse, which is what we use for TidBITS Talk and article comments, does also support 2FA. Although users can turn that on themselves in theory, since we have single-sign-on with our main WordPress site, I don’t know how it would all work.

Is this correct?

If so, I guess the only way to remove it from WT, if desired, is to tag it "2FA" – apart from removing it from WT, does having these logins tagged under a "2FA" tag in our 1P help in future, or is there perhaps some other good reason to tag them "2FA" I can't see (apart from the WT removal)?

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

jimthing

...Anyone in?

Jasper

Hi @jimthing,

What domain do you have saved in your login item for TidBits? I don't see tidbits.com as part of our 2FA sites list.

jimthing

Hi (sorry, didn't get a notification on thread reply, strangely).

Anyway, the URL saved is:
https://tidbits.com

And weirdly, on the "Two-Factor Authentication Available" warning banner at the top, when I click the "View Instructions..." link, it's this address:
https://support.microsoft.com/en-us/help/12408/microsoft-account-how-to-use-two-step-verification

Nothing to do with Tidbits or Wordpress?

Lars

@jimthing - hmmm...on the main TidBits site, clicking the "Login" button doesn't give the usual option to Register. Am I missing something or is the only way to register to become a member (which means giving them some money)? I'd be happy to test this further if I can register without becoming a paid member, but I didn't see a way to do that.

jimthing

(Sorry been busy hence forgetting to respond.)

@Lars ...I'd be happy to test this further if I can register without becoming a paid member, but I didn't see a way to do that.

Free accounts are a bit hidden (accounts needed for adding article comments & forums).
But yes, it might be a good idea to test this via your own trial, then unsubscribe after testing.

Path:

https://tidbits.com
"Get Tidbits"
"Email"
(halfway down the page) "sign up for a free account" (= https://tidbits.com/wp/wp-login.php?action=register )

TIA.

AGAlumB

@jimthing: Thank you! I was able to sign up and test this...but I am not getting a Watchtower warning. Do you maybe have multiple URLs saved in that Login? What are the exact OS and 1Password versions you're using?

jimthing

@brenty - sorry for late response; didn't get an update email.

Anyway, this:
https://tidbits.com

Again, the "View Instructions..." button, rather strangely takes you to here:
https://support.microsoft.com/en-us/help/12408/microsoft-account-how-to-use-two-step-verification

See today's screen shot:

Jasper

@jimthing It looks like you might have your email address saved in a website field. And I'm guessing you use a Microsoft hosted email?

jimthing

@japer Yes, em is outlook.com. As for the section, I didn't see that one, oops.

Moved the em the next "Section", and it disappeared. Who knows how I managed to add that one previously...? Maybe a future warning feature notice idea for 1P, haha. Thanks.

AGAlumB

Interesting. Thanks for sharing! :)