2FA watchtower false positive
I have a login to apps.rackspace.com which watchtower flags as "Two Factor Authentication Available". The problem is that it's wrong (well sort of). Rackspace has true two factor authentication for admin accounts. However, I, as a lowly user account, only get the option to add a phone as a recovery mechanism. This is effectively just a different single factor authentication (which I did not set up do to the risk of a sim-swap attack). Rackspace does not have 2FA for user accounts (and no option for an admin to set it up for everyone either). Yes, I could tag it was "2FA" but I like this tag only for things that are in my authenticator app. Also, nested tags like "2FA/app" do not get removed from watchtower unless they are also tagged with 2FA.
Also, is there anywhere in particular that I can send you guys websites that support 2FA so that watchtower can flag them for people? How often do you update this?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @tmakaro!
Also, is there anywhere in particular that I can send you guys websites that support 2FA so that watchtower can flag them for people? How often do you update this?
We get that list from twofactorauth.org, so if you have any changes to suggest, I recommend sending it to them. 1Password then will update when that list changes ;)
Which is also why I think you are seeing this on the rackspace website: if twofactorauth.org shows that rackspace supports 2FA, 1Password will show you the prompt because it has no way of knowing if your account is an admin account or not. The only way to suppress the warning, as you said, is to use the 2FA tag.
0