Tw-Factor Authentication

We have Two-Factor Authentication active for all of our staff using 1Password.
How often does it prompt for the code during the MFA process - is it just on initial setup of the account? Every 30 days? etc
Thanks!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Hi @WAnderson, welcome to the 1Password Support Community. 👋

    Great question. After two-factor authentication is enabled for your 1Password account, each user will need to authenticate once on any devices where they're already using 1Password, as well as when setting up the 1Password apps on new devices and new browser sign-ins. They won't be asked to enter their generated 2FA codes again beyond that initial authentication unless they reset the 1Password apps or deauthorize their devices/browser sign-ins.

  • WAnderson
    WAnderson
    Community Member
    edited August 2021

    Thank you ! so it's not an Advanced MFA like Office365? We plan on rolling out Duo this week. We can't force MFA on each login?

  • @WAnderson,

    I'm not entirely familiar with Office365's 2FA solution, though I do know many other services rely on authentication-based security models rather than encryption-based ones (like 1Password). Because of this, authentication doesn't play as important of a role in the security of your 1Password data. More on that here.

    ** We plan on rolling out Duo this week.**

    Ah, 1Password does support two-factor authentication with Duo, if you would like to force your users to re-authenticate more frequently (between 1-30 days).

    Just to note that enabling Duo for your 1Password account will disable the traditional two-factor authentication for your users; they will no longer be able to use third-party authenticator apps to generate 2FA codes. They'll instead be required to enroll in Duo (if they haven't already), and they'll authenticate as required by the Duo authentication interval as chosen by an administrator.

    Use Duo for your team

  • MaurizioNatta
    MaurizioNatta
    Community Member

    Hello I'm a Business membership of my company subscription (xxxx.ent.1password.com). I've got a serious problem about 2FA and I need to recover my account (I'm not longer able to connect device or log into my web account using 2FA).
    How do I contact administrator whom manage my company accounts ?

  • Hi @MaurizioNatta! :smile:

    We'd be happy to assist with this! If you could just reach out to us at support@1password.com using your work-provided email address, we'll be able to take a closer look at any accounts you may have and offer suggestions from there. Feel free to also include a link to your post here for reference.

    We'll be on the lookout for your message!

  • MaurizioNatta
    MaurizioNatta
    Community Member

    many tks i’ll do it soon. I vary appreciate your answer and support. I was disperate 😞

  • We're more than happy to help, @MaurizioNatta! Once we see your message come in, we'll jump on it as soon as we can. :+1:

  • wp_cmentor
    wp_cmentor
    Community Member

    Hey @ag_max and @ag_joshua ! I've been browsing community and appreciate your insights!

    We're looking into enforcing 2FA for our teams and I am hoping to confirm that I've covered a few bases:

    • When 2FA is enforced (whether DUO or other) existing users be prompted to set up 2FA at the next login (via app or browser extension)?
    • If a user does not have access to any 2FA methods / authorized devices, an Admin will need to start account recovery? Will they need to set a new Master Password or can they use the previous one they know?

    Thank you!

  • Hi @wp_cmentor,

    When 2FA is enforced (whether DUO or other) existing users be prompted to set up 2FA at the next login (via app or browser extension)?

    That's correct. In the case of native two-factor authentication with a third-party authenticator app, anyone who has not already enabled it will be prompted to set it up the next time they sign in to their account. With Duo they'll also be prompted.

    If a user does not have access to any 2FA methods / authorized devices, an Admin will need to start account recovery

    The short answer is yes. The longer answer: When native 2FA is enforced for a business account, and if an existing user has lost access to their third-party authenticator app where they saved their 1Password 2FA secret, they will need to sign in to their account on 1Password.com within an authorized browser and replace their 2FA app via the My Profile page, thus revoking the old secret.

    If they don't have access to an authorized browser, then you're correct that an administrator will need to start the recovery process for them. This will reset their account details and they'll need to recreate their account password (they can choose the same one previously in use). They'll also receive a new Secret Key. It's worth noting that when 2FA is enforced (including Duo), it won't be possible to disable 2FA at an individual level within the 1Password apps; only an account owner, administrator, or someone with the Manage Settings permission will have that power.

  • wp_cmentor
    wp_cmentor
    Community Member

    You're the best @ag_max ! Thanks again!

  • ag_ana
    ag_ana
    1Password Alumni

    On behalf of Max, you are very welcome :)

This discussion has been closed.