DUO Passwordless and 1Password
Comments
-
Ahh. glad someone posted this issue. I have the same problem, but with an extra wrinkle of my company using Duo passwordless logins, so I use touchID on my Mac to auth to VPN.
Because touchID is associated to my keychain, I have to enable iCloud Keychain in password options. Which is annoying for autofill on websites as it gives me an option to fill/save with the apple option and 1password option in the same space. So now im stuck either not using 1password autofill on safari or use iCloud Keychain autofill.
0 -
Thanks for posting your use case. I haven't used DUO's passwordless option myself and would like to learn a little more so that I can make sure that I've clearly communicated your situation to our product team.
Are you seeing the iCloud Keychain filling menu just in Safari? What happens if you turn off the following option:
- Open Safari.
- Click Safari > Settings in the menu bar.
- Click AutoFill.
- Turn off "User names and passwords".
You should no longer see iCloud's filling menu, are you still able to use Touch ID with DUO with this option turned off?
I look forward to hearing from you. 🙂
-Dave
0 -
Hi Dave,
Thanks for the reply, but i have tried that, and it doesnt work. Unticking autofill on username/passwords in the autofill tab, disables 'Autofill passswords and passkeys' in password options, which then removes icloud keychain as an option below it (its just blank). So you're basically forced to use icloud keychain if you want to use touchID for Duo.
0 -
Hello @mthor,
That's correct. It seems you've saved a passkey for Duo in iCloud keychain or on your device, and it is only accessible when the system is set to fill from that credential provider. It may also be possible for you to enroll a new passkey with Duo, which is stored in 1Password, but be careful about doing this since it could lock you out of both Duo and 1Password if both rely on the other service to unlock, and no other authentication deices are available.
Let me know if you have any questions.
Thank you,
0 -
Thanks ScottS1P.
Looks like this was fixed by going to Duo device management settings and deleting the touchID associated with Safari. It seems to use the first one by default (as opposed to giving me an option to choose one). So when I removed the first touchID, it was able to use the 2nd one I had created, which was via 1pass. So now it used 1pass passkey by default to log in when trying to auth to the VPN.
0