Tips on how to get Multi-Factor Authentication via Duo working?
Comments
-
@cobaltjacket: I guess what I'm saying is that at this point it only helps a limited number of 1Password users, and ultimately that's where our focus lies. We need to work on things that will do the most good for the greatest number of people, otherwise 1Password doesn't offer much of a security benefit for most of us. I suspect that you're right though, and this will shift over time in this direction, so it's definitely an area we're continuing to evaluate. Cheers! :)
0 -
Does 1Password work across all the Duo tiers? I mean, there is a free version and there are paid Duo versions. I am interested but haven't signed up yet.
0 -
@wkleem: It is a bit confusing, isn't it? Only the 1Password Teams Pro plan supports Duo as a beta feature (will need to be enabled in the Admin Console), but it works no matter what. I didn't actually use Duo prior to 1Password Teams adding support for it, so it isn't something you need to pay for to use; it's included in the Pro subscription. Cheers! :)
0 -
Presumably, I will have to register with Duo first? I see that Duo has an App for almost all platforms, even WinPhone 8.1!
https://duo.com/product/trusted-users/two-factor-authentication/duo-mobile
"Duo Mobile works with Apple iOS, Google Android, BlackBerry, Palm, Windows Phone 7, Windows Mobile 8.1 and 10, and J2ME/Symbian. Download Duo Mobile for iPhone or Duo Mobile for Android - they both support Duo Push, passcodes and third-party TOTP accounts."
I gave up on Palm years ago.
0 -
Heh. Color me impressed that they do J2ME/Symbian still.
Rick
0 -
A question for the Duo users. Is the 2FA per device or per number? I have multiple devices not always operational due to age, mostly. The batteries aren't holding up as well as they used to.
There is something to be said, that in 20 years, there still has been little progress in battery longevity which manufacturers cram more capacity into them.
0 -
@wkleem : I'm not sure I follow your question. What do you mean by "number" there? Number of users? Phone number? I'm trying to understand what you're looking to find out... are you talking about costs? functionality?
Rick
0 -
What I meant to say is, is the Duo account limited to the mobile phone number(s) as some people have more phones than mobile numbers and some have spare SIMs to swap into phones? Or is it per device irrespective of the mobile number.
0 -
@wkleem It depends on how you add the device to the Duo account. If you set it up with the Duo app the device doesn't even have to have a phone number (e.x. it can be used with tablets that don't have cellular). But Duo does also offer the option to authenticate via SMS, which does of course rely on the mobile phone number. I would not necessarily recommend the latter option.
Ben
0 -
@wkleem: IN the same vein as Ben's comment, I don't even add devices by phone number (the "mobile phone" option), since SMS is not secure. Certainly you can if you wish though, since that's an option Duo offers.
But I prefer to setup devices using the "tablet" option to use the Duo app itself as the authenticator, since that can send you push notifications securely. The app can also give you a code (in case it's offline and can't "push" you) if you tap the "key" icon. And you can add more than one device as well. There's no need to do any of this separately through the Duo site though, as it can be setup through the Duo authentication dialogue when logging into 1Password.com. I hope this helps! :)
0 -
Thanks, Ben and Brent. I have now signed in for Duo. I thought I had seen a Beta section in 1Password.com but I cannot find it now. Where is it?
0 -
Awesome! Let me know what you think. :)
0 -
From my Windows PC with Firefox and NoScript, 1Password with Duo integration displays a ClearClick/ClickJacking warning.
I thought the team might want to know about it.
0 -
Thanks for letting us know @wkleem. We'll look into that and see what we can do about it.
Rick
0 -
Maybe @jpringle can help us out here?
Rick
0 -
Hey @rickfillion thanks for tagging me in!
@wkleem thanks for letting us know. We're not aware of any issues with the Duo Prompt right now. We try to make sure the prompt works with common browser extensions but can't guarantee it. We'll look into why noscript is generating a clearclick warning here.
Thanks again!
Jamie
0 -
Thanks for looking into this, @jpringle.
Rick
0 -
Glad to help @rickfillion @jpringle ! I will stick to Chrome, which does't have NoScript. Also where in Duo do I set up devices? Even for 1 user?
0 -
@wkleem : once setup, the duo screen that comes up should have a link that guide you through the process of adding a device.
0 -
Hey @wkleem we have a whole slew of ways to enroll users. You can check them all out on our docs page Enrolling Users.
Jamie
0 -
Thanks Jamie. I will have a look at it, time permitting.
0 -
Misplaced my iPhone, the only device registered in Duo. Oops. :(
0 -
I found my phone after a 2 hour search. Find My iPhone is of no help in areas of bad wi-fi coverage and I was relying on 3G/4G.
0
