I am relatively new to 1Password, and setup my passwords using your web interface. I also setup your Android app and everything was fine, as I was getting used to the new 1Password normal.
Once comfortable, I enabled Two factor auth on a authenticator app followed by a Master password change to a stronger one.
This was the behavior in the Android app.
- To login it asked for my biometric auth
- That was stuck at 'decrypting' screen without opening.
- Then I tried entering the new Master password, it did not even accept that. Hard luck.
- Forced killed the app and tried again without network, this time it worked. Not sure why.
- To sync, started network, and app gave a 'update account' screen, asking for new master password.
- Entered the new Master password and confirm.
- Now it asked me for two factor auth.
- I switched to the authenticator app, got the code
- Now when I'm back on the 1Password app, again on the login screen.
- This is now a loop!
Finally, disabled the two factor authentication.
- Came back to app, deleted app cache and setup app like first time login experience.
- This worked and I was able to access the app. This was a sigh of relief.
Now I enabled two factor authentication again.
- The app asks for two-factor code when i login using biometric.
- Switch to the authenticator app, get code.
- Switching back to 1Password, provide biometric again.
- Fortunately the two factor prompt page is still present I could enter the code
Here's my ask for your team
- Please try these setup scenarios internally so that the overall experience in providing two factor auth can be improved.
- In a scenario where I just had the app (not logged in to website) , it would have become impossible to login.
- Enable switching between apps (multi-tasking), for when two factor app prompt is requested, allowing to copy and enter it.
- I'm worried that in event I loose my phone or it crashes, the new device with two-factor auth setup may just lock me out. [Unless I'm signed in to a web app where I can disable two factor auth, and that's risky too]
Question from security point:
How much value is there to keep the two factor auth enabled ?
Overall, I'm still happy with 1Password, I just want to share this so that it can be improved.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Multi-tasking support when providing two factor authentication