Why is enforced 2FA restricted to only the Strong password policy?


This is counterintuitive. Being able to enforce 2FA should not be dependent on longer minimum passwords.

Adding 2FA is all the more important for less stringent password policies - why do you insist on the use of the strong policy (which creates more friction for users every single time they unlock their vault) to add 2FA (which protects their account/our secrets without significantly increasing user friction)?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • Ben

    Hi @Hatclub

    Thanks for the feedback on this. I'm not entirely familiar with the decision making that went on with regard to that setting, but I'd be happy to pass your comments along to the appropriate team for their evaluation. What you say makes a lot of sense to me. Hopefully as we continue to evolve this new feature we can find ways to make it work better for even more organizations.

    Thanks again for sharing!


This discussion has been closed.