Update Watchtower regarding Xfinity/Comcast 2FA

[Deleted User]
[Deleted User]
Community Member
edited March 2022 in Lounge

This old post https://1password.community/discussion/101363/2fa-exception-xfinity says...
"... 1Password checks a known list of websites that offer 2FA (we user TwoFactorAuth.org for that), but it only checks if the functionality exists, not all the methods offered by a service. ..."

But that goes to https://brainstation.io/cybersecurity/two-factor-auth

TwoFactorAuth.org doesn't exist anymore?

FYI...

https://2fa.directory/us > Xfinity has 2FA

https://2fawebsites.github.io > Comcast has 2FA

https://www.xfinity.com/support/articles/enroll-2-step-verification


1Password Version: 7.9.828 & 80600068
Extension Version: Installed but not used.
OS Version: W10 Home with all updates.

Comments

  • DefiCzech
    DefiCzech
    Community Member

    @F150 here Is answer what happened with TwoFactorAuth.org https://github.com/2factorauth/twofactorauth/issues/5238

    Tldr

    The person who owned the domain recently left the project due to a dispute. It looks like said person sold off the domain twofactorauth.org to make a quick buck after they left.

    For now, the new home is https://2fa.directory

  • [Deleted User]
    [Deleted User]
    Community Member

    OK, THANKS!

    But still wonder what 1P is using for the feed to Watchtower since it does not recognize Xfinity/Comcast does have 2FA.

  • Hey @F150:

    As @DefiCzech noticed (thanks for the assist! 😎), we now use https://2fa.directory as the source of info for Watchtower inactive two-factor authentication support. With that said however, since their app verification requires a proprietary Xfinity app, rather than a standard one-time password that 1Password supports, we don't show the Watchtower notification for inactive two-factor authentication here.

    Jack

  • [Deleted User]
    [Deleted User]
    Community Member

    They changed requiring using their app, I have no clue when. They have SMS or Email as found in https://2fa.directory

    You can set up Two-Step Verification in My Account using the steps below, or by using the Xfinity Authenticator app on your mobile device.

    I just now set it up to use SMS to my phone and I did not have to D/L their app.

    Mike

  • Hi @F150:

    That's correct. As I'm no longer an Xfinity subscriber, I can't log into my account to verify the specific options that are available.

    In short, there's multiple different ways a two-factor authentication app can be implemented and while this isn't an exhaustive list, this helps explain the difference, and why Watchtower will not prompt you to save your two-factor authentication in 1Password for Xfinity:

    • A service specific app, that integrates directly with the service, and can't be used for other services. This may offer additional functionality like push notifications and identifying where the specific login attempt is occurring.
    • Using a Time-based One-Time Password (TOTP) which is an open standard, and one of many available apps (1Password, Google Authenticator, Microsoft Authenticator) can be used to save the TOTP secret and provide a code. This doesn't offer push notifications, or identify where the specific login attempt is occurring.

    Saving your two-factor authentication in 1Password requires the service to be using TOTP. Because Xfinity doesn't offer two-factor authentication using TOTP, it can't be saved directly to 1Password. Since your two-factor authentication for Xfinity can't be saved to 1Password, Watchtower won't prompt you about available two-factor authentication. This isn't limited to Xfinity, but would occur with any website or service that offers two-factor authentication, but doesn't allow for TOTP authenticator apps.

    Let me know if that clears it up, or if you still have questions!

    Jack

  • [Deleted User]
    [Deleted User]
    Community Member

    OK, I finally understand... tokens! Thanks for putting up with my newbie questions.

This discussion has been closed.