Feature Request - Offline banner
We use DUO but one of the problems we have is that users don't really understand how it and 1Password works, which is fine most of the time. One thing I have been running into recently though is people switching to new phones and they don't migrate DUO so the 2FA challenge fails.
From a user perspective they get access to the vault so, no issue in their mind as 1Password is working fine (or so they think). I'll then get an unrelated issue as they can't seeing updates and when I mention DUO their response is generally "oh that hasn't worked in a while". The issue IMO is it's not immediately obvious to a user that something is wrong, the solution
1 - Would be great if the 1password icon updated to show there was an issue
2 - When looking in 1password there should be a nice big red banner - MFA challenge failed, vault offline (or something like that)
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Comments
-
No unrelated to mobile devices (other than they do the MFA challenge). This is for the 1password chrome extension (or what was 1PasswordX)
0 -
Thanks for clarifying @Lee_B ,
Usually when MFA requires authorization again, the extension in Chrome will launch a new tab where they have to sign into their 1Password.com account (or company account). Does that not happen at all? Perhaps they just close the page as they don't understand what it is?
I'm looking to determine the exact point of failure/user error so we can properly improve this.
0 -
Yes, you are correct. After 30 days you are required to re-authenticate via DUO and this does spawn another tab to trigger the MFA challenge. Some users will ignore that challenge (I'll do it later or DUO isn't working on my device, a few different reasons) and close the tab.
In this scenario, 1Password still allows access to the vault via the browser extension (as it should), but it's now stopped syncing and is only working locally. From a users perspective, 1Password is still working fine as they can access everything and there is no indication in 1password that is working in degraded capacity.
The flow-on problem from this is once they have ignored the MFA prompt once and they think everything is still working fine then they have had positive re-enforcement that they can just ignore it next time (and next time).
This isn't a problem for the people who understand 1password and use it all the time, it's the more casual or slow adopters that get impacted.
0 -
Great, thanks for clarifying.
I'll forward it to the team, hopefully we'll be able to improve the UI here in a future update :+1:ref: dev/core/core#1107
0