2FA Trusted Devices

Hello guys, could you please help me?

We have implemented 2FA in my organization. However, we would like the 2FA would be asked requently. By chance, is it possible to remove the option to trust in a devide for all users? Thus users would need to use the App to authorize the access more often.

Thanks!


1Password Version: 8.9.10
Extension Version: Not Provided
OS Version: Windows 10 Business
Browser:_ Chrome
Referrer: forum-search:2fa

Comments

  • Hello @Vanzito,

    Thanks for asking about two-factor authentication in 1Password. I'll pass your request for an option to require two-factor authentication more often on to the team, but don't have any information indicating if we may implement it.

    As explained in our guide to Authentication and encryption in the 1Password security model, 1Password relies on encryption to protect account data. After the initial sign in (which does require two-factor authentication), accessible data is cached locally on the users device, and future unlocks only need the account password (and locally stored Secret Key) to decrypt. This decryption happens entirely on device, and there is no server or gatekeeper involved to enforce two-factor authentication. This is why 1Password can work offline and in low connectivity environments.

    Once the local data is decrypted, 1Password then uses the stored credentials to connect with our servers and sync changes. This does rely on a device specific two-factor authentication key that was stored during the initial sign in. A lack of two-factor authentication at this stage would only prevent synchronizing new changes to or from our servers, but wouldn't have any impact on offline access to locally encrypted vault data.

    Are you able to publicly elaborate on why our security model isn't ideal for your team, and what benefit you hope to get through more frequent two-factor authentication? Is offline access to 1Password data desirable for your team? I'd be happy to pass along anything you can share to our product team for them to consider your feedback. If you'd prefer not share publicly, you can also email support@1password.com and include a link to this forum post.

    Cheers,

    ref: IDEA-I-2320

This discussion has been closed.