Watchtower and Tracking for Sites Supporting U2F

johngalt2
johngalt2
Community Member

I love the Watchtower feature to identify weak passwords and inactive 2FA.

However, I recently started to increase my security using a U2F security key from Yubico. I have enabled this option at some sites, but I am not aware which sites support this without manually checking. I also don't have a good way to keep track in 1Password which sites I have enabled U2F via security key.

Are there any recommended best practices for now? Are there any things that can be added to future releases of 1Password to help in this area?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    HI @johngalt2!

    I also don't have a good way to keep track in 1Password which sites I have enabled U2F via security key.

    Have you considered using tags for this?

    Organize with favorites and tags

  • johngalt2
    johngalt2
    Community Member

    Thanks!

    Tags is a great idea for once I setup an account with U2F.

    That being said It would be nice if 1Password was able to tell me which sites supported U2F similar to how it tells me which support 2FA via TOTP. And then once I set it up removing them from the list.

  • ag_ana
    ag_ana
    1Password Alumni

    Understood @johngalt2, thank you for the feedback :+1: I can see why the developers have not added this yet (not everyone has a security key, but everyone can activate TOTP), but perhaps this is something they can reconsider in the future.

  • johngalt2
    johngalt2
    Community Member

    Thanks @ag_ana. I agree a small percentage of people currently use a security key. Hopefully this changes as more sites allow them just as TOTP has increased in usage over the years. My thought is Watchtower already integrates with https://2fa.directory/ to determine if TOTP is an available option for that domain. It would be nice if it checked for U2F as well. If I could quickly see which sites offered U2F it would help as right now I have hundreds of logins. Perhaps this could be a feature enabled in settings for the super users and not displayed for all users. Right now in the privacy settings there is an option to Check for two factor authentication. Adding an option here for U2F would be nice to consider on the roadmap as more sites start using U2F. For now I will settle with more sites allowing TOTP! I am frustrated that my bank will not allow passwords more than 12 characters and the only 2FA they support is via email. :(

  • ag_ana
    ag_ana
    1Password Alumni

    @johngalt2:

    I agree a small percentage of people currently use a security key. Hopefully this changes as more sites allow them just as TOTP has increased in usage over the years.

    Agreed!

    It would be nice if it checked for U2F as well.

    Agreed here too :)

    I am frustrated that my bank will not allow passwords more than 12 characters

    That's not bad, I wish my bank allowed passwords that long :D But they do support proper 2FA in the app, so that helps :)

This discussion has been closed.