Enforce Two-Factor Authentication
There is a difference between the above explanation and the actual behavior.
When Sign in for the first time, 2FA input is required, but after the second time, 2FA input was not required.
Which is correct?
1Password Version:7.3.712
_Extension Version:1.16.2
_OS Version: Windows 10
Sync Type: Not Provided
Comments
-
@choi_mixi: Thanks for reaching out. I’m sorry for the confusion! The setting in your screenshot requires two-factor authentication to be used by all user account in your business membership -- hence "need to set up two-factor". It has nothing to do with when they need to authenticate. Unless you use only the 1Password web interface -- none of the apps -- and check the box for "This is a public or shared computer", you only need to authenticate the first time you sign in to your account in the web browser (or app) on a device. 1Password's security is based on encryption. No authentication is needed when you already have your encrypted data on the device; it simply needs to be decrypted using your Master Password. When you sign into the account first on a device, it needs to authenticate to download the encrypted data from the server. After that, the data is already available, so the server doesn't even need to be contacted, which is how you can use 1Password offline. Two-factor authentication only comes into play when you need to authenticate with the server, as an extra step. It uses either a one-time password or hardware key as a protection against a replay attack, for example if your static Master Password and Secret Key were stolen from you: in that case, having two-factor authentication enabled would stop the attacker from authenticating to sign into your account without the second factor. Otherwise it is not relevant. Unlocking the 1Password app does not involve authenticating over the internet with a server, but rather decrypting the data locally. I hope this helps. Be sure to let me know if you have any other questions! :)
0 -
Thank you for your explanation the detailed mechanism of 2FA.
I understand.0 -
On behalf of brenty, you are welcome! If you have any other questions, please feel free to reach out anytime.
Have a wonderful day :)
0