Checking for two-factor authentication and subdomains

Options
Calion
Calion
Community Member

Watchtower uses TwoFactorAuth to see if a website supports 2FA. However, if the subdomain in the URL in the 1Password item (say, https://account.adobe.com) doesn't match the one that TwoFactorAuth has (say, https://accounts.adobe.com), then the two-factor authentication alert won't pop up. TwoFactorAuth themselves don't recommend using subdomains, so perhaps that should be changed.


1Password Version: 7.4.1
Extension Version: Not Provided
OS Version: macOS 10.14.6
Sync Type: 1Password.com

Comments

  • Ben
    Options

    Hey @Jim A Syler

    Thanks for the note! I'll be happy to pass this suggestion along to our development team. This is a bit tricky as in some cases subdomainA.domain.com is an entirely different site / service from subdomainB.domain.com. The former may support TOTP and the latter may not. So it is a bit of a double edged sword whichever choice we make here. You'll get either false positives or false negatives either way. That said, I'll recommend that we take another look at the decisions we've made here and see if they still make sense.

    Ben

This discussion has been closed.