Minor typo in the Policies UI + question about enforcing 2FA

afrisch
afrisch
Community Member

I'm currently setting up "Policies" for our company which will start using 1Password shortly.

Tiny typo in the UI under /policies/authentication: "To enforce 2FA you must select a two-factor authentication method and your Account Password policy must be set to Strong or Custom." : but above in the page, the setting is called Strict, not Strong.

Also a question : I'm puzzled at why this restriction is enforced; it seems useless : one can always choose "Custom" and replicate the Minimum or Medium requirements. Also, the rationale is unclear to me : 2FA adds some security, and it's even more important to do so that passwords might be weak. (I'm not saying it's a bad idea to also encourage using stronger passwords while forcing the use of 2FA, but I feel like I might have missed something...)


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Thanks @afrisch

    I've mentioned the typo to the team. Thank you for that. They indicated it was in the works as far as a resolution goes.

    Custom could allow you to define your needs as you mentioned. Most folks, in my experience, use this to encourage stronger passwords, along with 2fa. The best of both worlds if you will.

    ref: dev/b5/b5#23340

  • @afrisch

    The team has indicated the messaging should be aligned in a soon to be released version. I've been away for a few days and it may be possible it's there now. If not, it is indeed in the pipeline and should be seen soon.

This discussion has been closed.