1Password on Mastodon

Using 1password on a Mac via an app. How do I ensure that I have 2fa every time I sign in?

ashokc1009ashokc1009
Community Member

I am a new user


1Password Version: 7
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ app
Referrer: forum-search:Using 1password on a Mac via an app. How do I ensure that I have 2fa every time I sign in?

Comments

  • GreyM1PGreyM1P

    Team Member

    Hi there @ashokc1009

    When you use two-factor authentication on your 1Password account, it works the same way as two-factor authentication does for many other websites, which is that you'll be prompted for it when you sign in to a new device for the first time. After that, the device is trusted, so you can unlock 1Password using your account password or an alternative unlock method, like Touch ID or an Apple Watch.

    This means that you should expect to use two-factor authentication for your 1Password account only when signing in for the first time on a new device, not unlocking. If you sign out of 1Password on that device, you'll need two-factor authentication again when you sign back in.

    Please let me know if you have any questions, or would like any further help. :)

    — Grey

    PS. I noticed in the footer of your post that you're using 1Password 7. That version is discontinued, and you should upgrade to 1Password 8 to make sure you're using a supported version: Upgrade to 1Password 8 for Mac.

  • ashokc1009ashokc1009
    Community Member

    Hi GreyM1P,
    thank you very much for your quick response. I just moved from Lastpass where I was able to enforce the rule that the 2FA is required for each login. Vanguard also has this feature. You are right, most other websites uses the trusted device methodology; some require revalidation after a month. I am terrible paranoid nowadays and therefore was looking for some feature within 1Password which can be set up so that 2FA is required everytime. I use a Yubikey.

    By the way, when I I quit 1Password and even after restarting my Mac, 1Password still does not require me to use the Yubikey. Is there some setup I did wrong. 2FA is required if I use a new browser or laptop.

    I am currently using "1Password for Mac 8.9.13". I assume that this is 1Password 8.

    Thank you very much.
    Ashok.

  • Dave_1PDave_1P

    Team Member

    @ashokc1009

    When you unlock 1Password (using your account password or biometric unlock) your data is decrypted locally so a determined and well-equipped attacker with access to your device would be able to access your information since your vault data is already unlocked and decrypted. To require a "re-auth" using a YubiKey after your data is already decrypted locally using your account password would potentially, in this case, be an example of "security theatre" where a feature claims to offer more security on a surface level but in reality doesn't actually offer more protection.

    What I personally do on my device is set the auto-lock time to a short duration so that 1Password locks after a short period of inactivity. I also have biometric unlock enabled so that I can quickly unlock 1Password without having to enter my account password: How to set 1Password to lock automatically

    By the way, when I I quit 1Password and even after restarting my Mac, 1Password still does not require me to use the Yubikey.

    This is expected behaviour. You'll only be prompted for your YubiKey the first time that you add your 1Password account to a new device or browser.

    -Dave

  • ashokc1009ashokc1009
    Community Member

    Thank you Dave.

  • GreyM1PGreyM1P

    Team Member

    @ashokc1009

    You're welcome. We'll be here if you need anything. :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file