2FA not enforced on iOS

moiraine_sedai
Community Member

Steps to reproduce:

  1. Trigger a 2FA requirement on web: from the 1Password web portal, go to My profile > Authorized Devices > (cogwheel next to iOS device) > Require 2FA on next sign-in
  2. Launch the iOS 1Password app; while it asks for 2FA, one may click "Cancel" and the vault is accessible

Anticipated behavior: the vault should not be accessible if one is unable to provide the 2FA code/security key


1Password Version: 8.9.5
Extension Version: Not Provided
OS Version: iOS 16
Browser: Not Provided

Comments

  • Hello @moiraine_sedai! 👋

    This behaviour is explained on our website here:

    • Deauthorize Device: Your account will be removed from the device.
    • Require 2FA on Next Sign-in: Your account will remain on the device, but changes you make on other devices won’t appear until you reauthorize using a second factor.

    While 2FA is required to authenticate your account so that it can communicate with 1Password.com, access to the account's vaults on the device itself is protected using encryption and your account password. If you'd like to completely revoke access to your account on a particular device then you can use the "Deauthorize Device" option.

    Let me know if you have any questions. 🙂

This discussion has been closed.