After setting up two-factor, am able to see passwords without 2nd factor

securitytesting890
securitytesting890
Community Member

After setting up two-factor (authenticator app and security key) I was surprised when after logging out of the MacOs app, all that was required when I logged back into the application was my master password. While the two-factor authentication window requesting the six digit authenticator code popped up, I could just close it and view all the passwords in my vault.

I expected that the second factor would have been required to view my passwords. What am I missing?


1Password Version: 7.3.2
Extension Version: Not Provided
OS Version: 10.14.6
Sync Type: Not Provided
Referrer: forum-search:After setting up two-factor, am able to see passwords without 2nd factor

Comments

  • Hi @securitytesting890

    2FA for 1Password accounts is used to authorize a device. Once a device is authorized 2FA will not be required again unless the device is deauthorized. It is not required to unlock each time, as that would make it impossible to access your data while offline.

    Ben

  • securitytesting890
    securitytesting890
    Community Member

    Helpful, thank you. I presume after a certain period of time lapses, I will be required to reauthorize? (after 30 or 60 days?) or is it a lifetime 2FA for the device? Thanks!

  • ag_ana
    ag_ana
    1Password Alumni

    @securitytesting890:

    It is for the lifetime of the device. The only exceptions could be browsers: if you login to your 1Password account and authenticate with 2FA using Chrome, for example, you might be asked for your 2FA codes again every time if the browser is set to delete cookies when you quit it.

This discussion has been closed.