Duo integration?

XIII
Community Member

In the web release notes I read that there's a beta with Duo integration for 1Password for Teams. Do you plan to offer that for the Families counterpart as well? I would love that! Duo Mobile is already my preferred 2FA App…

https://app-updates.agilebits.com/product_history/B5


1Password Version: Families
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @XIII,

    At the moment beta features are limited to team accounts, but I'll certainly pass the feedback along to the team that you'd like to see them in 1Password Families as well. :)

    Ben

  • hazmat
    Community Member

    Please second that request. You're going to have lots of people keeping the account keys in plain text in a Dropbox text file or in a note in Apple Notes so they can get to their vault via the web site on other computers than their own.

    I use Duo at work and it's great.

  • ntimo
    Community Member

    @Ben could you add my request too? I would love that feature for my Families account as well! Even if it's in beta. And why do only team members get beta? That's so unfair :(

  • Certainly. :) Thanks for the feedback. :+1:

    Ben

  • hazmat
    Community Member

    Agreed. The need for security in Families accounts is no less important than in Teams accounts.

  • "The need for security in Families accounts is no less important than in Teams accounts."

    Very true. :)

    Ben

  • ntimo
    Community Member

    Hi @Ben,
    1Password is a security product, and not making a security feature available to all, one that could be made available to all, just does not make sense. Because this would mean giving some more security than others?

    But another question I already asked: What happens if someone with MFA (Duo) enabled adds his account to the 1Password apps? Will he be asked for the MFA? Or is this only on the web? Because if it's only on the web, it does not really give a third layer of security. Because let's say I know your master pw and account key and know you have MFA enabled, then I would simply access your account using the apps, knowing I could bypass the MFA.

    Thx
    Timo

  • Timo,

    As far as I'm aware it is only limited while in beta. I'm not sure what the intentions are after the beta period. As more information becomes available about Duo and its potential integration with 1Password we'll be sure to share it here. Remember -- it is a beta, so it may not stick around at all. We'll see how testing goes.

    As soon as we have an answer to your other questions we'll answer them here. :)

    Ben

  • XIII
    Community Member
    edited August 2016

    This week I had to work on the Windows laptop of a colleague for several days. Web access to 1Password is great for that, but I felt very uncomfortable typing both my Account Key and my password in the same browser (even though I chose to use it as a public browser, i.e. not save the key). Duo integration would have been so great now!

  • @XIII I definitely hear you there. That's why we made the QR code for devices, but it doesn't apply to the web interface since that's usually where you get it in the first place. I'm sorry for the confusion about how Duo works, though. It would actually just be an extra step when signing in, not a replacement for the Account Key or Master Password. Similar to two-step authentication on Google, Apple, and any other major service, once you enter your email, Account Key, and Master Password, Duo will ask you to authorize this device. Hope that helps clear things up! :)

  • XIII
    Community Member

    @Jacob That's kind of what I expected: a real second factor (something you have), next to the password and account key (both something you know; I still have the feeling the account key is only to improve weak passwords, but no real second factor - I might misunderstand that though).

  • @XIII Well, the Account Key is actually better than two-factor™. We wrote a bit about it in our About the Account Key article. You're correct that the main goal is to strengthen the encryption, and the nice thing about an Account Key is that it doesn't exist to defend an authentication system. The only thing Duo provides is an element of physical presence like you said. So long as you don't share your Account Key or Master Password with anyone, Duo isn't really necessary.

  • hazmat
    Community Member

    There needs to be an easier, yet secure, way to retrieve the key, though. Like when accessing your vault via the web from a "foreign" or new computer.

  • The easiest way we've found at this point is having the account on your devices, such as your phone since that's usually with you, and getting the Account Key from there. It still requires typing, so we could make it smoother. The only thing is, there aren't many people who use 1Password on a different computer every day.

  • hazmat
    Community Member

    So where are you keeping the key, in 1Password?

  • You can find it in a few different places depending on which app you're using:

    If you can't find your Account Key or QR code

    Hope that helps!

  • hazmat
    Community Member

    Thanks. That's some good info. Stupid question: is the account key case-sensitive?

  • You're welcome. :) And that's a great question — I've not heard it before. It isn't case-sensitive, and you'll notice that 1Password.com converts anything you type to capitals automatically when signing in.

  • hazmat
    Community Member

    Excellent, thanks. On every machine I use I remap Caps Lock to Control. Old habit from Sun workstations that I can't let go.

  • No problem at all :+1:

This discussion has been closed.