Duo for Standalone Apps finally appears

2

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2018

    @wkleem: Indeed, it will depend entirely on your network connection and the power of the device itself. You've probably noticed that "signing in" to 1Password.com in a desktop web browser can even be pretty slow relative to other sites. That's because there's a lot going on behind the scenes computationally within the browser itself to perform crypto operations for SRP and the session in general since that is computed so the credentials are never transmitted, then there's a whole web app being downloaded and run by the browser in order to make all of that possible. This is especially slow in mobile web browsers since webpages don't benefit from the same acceleration that apps there do. Have you tried 1Password for iOS?

  • wkleem
    wkleem
    Community Member

    @brenty,

    I have tried 1Password for iOS but as I indicated earlier, I am not seeing the Duo Prompt for 1Password Standalone with mobile with subscription and local vault (AgileKeychain). No issues with Mac or Windows with local vault disabled.

    I haven't tried to edit/modify anything from 1Password subscription yet as suggested by @rickfillion yet

  • I suspect that something isn't quite configured as you're expecting there (different account than you think maybe?) or that you're using an old app that isn't Duo aware (those are supposed to prod you to update when that's the case but bugs are funny in that they happen in unexpected places). If the latter then the changes will simply fail to sync across.

    Rick

  • wkleem
    wkleem
    Community Member
    edited April 2018

    Hi Rick,

    With regards to iOS, I will have to check but I am certain I have 1Password 7.0.5 which is the latest version. I have 1Password for Android 6.7.3 with Android Oreo. Not seeing Duo here.

  • wkleem
    wkleem
    Community Member
    edited April 2018

    @rickfillion,

    Does the order of vaults matter? Currently I have Primary First and Subscription second. I could try Subscription first? I will need to convert to OPVault, which I have not done.

  • @wkleem : order of vaults should not matter. Have you done the test to make sure you can sync data?

    Rick

  • wkleem
    wkleem
    Community Member
    edited April 2018

    Hi,

    Earlier on I had this prompt but it lagged by about 15 seconds maximum and there is a “Not Now” in the TOP left hand corner of my phone. I must have dismissed it 30 or more times before letting it complete and it was Duo on my iPhone trying to come through that I kept dismissing, not knowing what it was.

    Could you make it less laggy?

    Thanks.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @wkleem: Can you tell me what you mean by "laggy"? If you just mean there was a delay in you receiving the prompt, that will mostly be a function of your internet connection, which, if our past exchanges are any indication, is similarly problematic to mine. I have the same experience with Duo most of the time. I'm not sure there's a solution to that, besides both of us getting more reliable connectivity, but it's something I aspire to anyway for many other reasons. :lol:

  • wkleem
    wkleem
    Community Member
    edited April 2018

    Yeah @brenty. I know what you mean. :) There is a delay which I hope can be lessened, but perhaps not with cellular. 4G, LTE, etc, does not appear any different.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @wkleem: Ironically(?), cellular is better for me here. I guess that's lucky because I almost always have that to fall back on — even if data rates add ups bit. I don't believe there's anything we can do about this since we're just using Duo's tools to integrate with them, but if there are ways we can improve it we will. While I think Duo is pretty slick, if connectivity is getting you down it may be worth trying the new (TOTP) two-factor authentication. This is mutually exclusive to Duo, so you won't be able to have both, but it has the side benefit of being less back-and-forth, as your device generates the code instead of waiting for a push. And that's something we have more control over. Given the collection of devices you seem to have amassed, you probably have plenty you could use with this for backup too!

  • wkleem
    wkleem
    Community Member
    edited April 2018

    Thanks for the tip. I already have Google and Microsoft Authenticators on my mobile devices. I just did not know I could use 1Password with them. Some of my devices are currently at locations unknown. :(

    I kept them at some place which I cannot recall where.

  • wkleem
    wkleem
    Community Member
    edited April 2018

    Hi

    From My Profile, I am not seeing Step 3 : Click More Actions > Turn On Two-Factor Authentication.

    I am on Teams Pro. Nevermind, I disabled Duo and saw Step 3.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for the tip. I already have Google and Microsoft Authenticators on my mobile devices. I just did not know I could use 1Password with them. Some of my devices are currently at locations unknown. :( I kept them at some place which I cannot recall where.

    @wkleem: Probably not helpful now, but having Secure Notes for stuff and tagging it based on location (when I loan a game to someone, for example) is something I find to be useful.

    From My Profile, I am not seeing Step 3 : Click More Actions > Turn On Two-Factor Authentication. I am on Teams Pro. Nevermind, I disabled Duo and saw Step 3.

    Ah, yep! You won't be able to use two-factor without disabling Duo first. Can only have one or the other. Let us know how you like it! :)

  • wkleem
    wkleem
    Community Member
    edited April 2018

    Duo has sent out a new update and also has made under the hood changes for future enhancements. We'll see.

  • :+1:

    Ben

  • wkleem
    wkleem
    Community Member

    Just an observation between iOS and Android versions. The iOS version of Duo is dismissable i.e. there is a clickable Not Now button before Duo appears but Android does not have any button to dismiss Duo with.

    I thought I would highlight this difference.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for the feedback! :)

  • hayrun
    hayrun
    Community Member

    Sorry to interrupt, but am I reading that DUO or TOTP can be enabled for 1Password subscription accounts? I tried out the family account a year or so ago, and the lack of a 2nd factor was the reason I moved my shared passwords elsewhere.

    I've always utilized a local vault for extremely sensitive information and was hoping to leverage Families for shared passwords with family members. I understand that the Secret Key concept was always considered your second factor, but I've always said the more the merrier...

    Finally, I am also aware that Enterprise and teams seem to work with Duo, but is this being pushed to all users and MAYBE even local vaults in the new 1password 7? I'm really hoping so as i'd love to move back everything to 1password.

  • wkleem
    wkleem
    Community Member

    It is my understanding that local vaults don’t get Duo or TOTP. I am uncertain if Duo or TOTP has been made available to 1Password for Individuals or Families.

  • AGAlumB
    AGAlumB
    1Password Alumni

    It is my understanding that local vaults don’t get Duo or TOTP. I am uncertain if Duo or TOTP has been made available to 1Password for Individuals or Families.

    @wkleem: Duo authentication is exclusive to 1Password Teams and 1Password Business, but (TOTP) two-factor authentication is available to all 1Password.com accounts (though it cannot be used simultaneously with Duo).

  • AGAlumB
    AGAlumB
    1Password Alumni

    Sorry to interrupt, but am I reading that DUO or TOTP can be enabled for 1Password subscription accounts? I tried out the family account a year or so ago, and the lack of a 2nd factor was the reason I moved my shared passwords elsewhere.

    @hayrun: Not an interruption at all! I'm glad you asked. Indeed, while Duo authentication is exclusive to 1Password Teams and 1Password Business, but (TOTP) two-factor authentication is available to all 1Password.com accounts.

    I've always utilized a local vault for extremely sensitive information and was hoping to leverage Families for shared passwords with family members. I understand that the Secret Key concept was always considered your second factor, but I've always said the more the merrier...

    Rick's mom agrees with you. :)

    It's true that the Secret Key has unique security properties, and since it isn't transmitted to us and effectively lives on your device, it can be considered a second factor in a sense. But some businesses require a more traditional second factor feature, so we've added these.

    Finally, I am also aware that Enterprise and teams seem to work with Duo, but is this being pushed to all users and MAYBE even local vaults in the new 1password 7? I'm really hoping so as i'd love to move back everything to 1password.

    Local vaults cannot have two-factor authentication because there is no authentication in the first place; encryption is used to protect your data. We've designed 1Password that way from the outset intentionally because that will always be the endgame, and 1Password's security needs to stand up even to direct attack, after an attacker already bypassed authentication to get your data. And since there is no server to authenticate with in the first place with local vaults, as always you'll need to use a long, strong, unique Master Password to protect your data. If you do that though, you're good to go. Cheers! :)

  • wkleem
    wkleem
    Community Member
    edited April 2019

    From April 2018:

    Just an observation between iOS and Android versions. The iOS version of Duo is dismissable i.e. there is a clickable Not Now button before Duo appears but Android does not have any button to dismiss Duo with.

    Update:
    I found that either Duo MFA for Teams or Duo Mobile is now improved from when I last had issues with it. Previously, I had an issue with Duo disappearing from the authentication process (There is a Not Now button in IOS), Duo Prompt now has an additional confirmation to make sure really I want to take/dismiss that action. I had Duo MFA/1Password TOTP disabled for months due to my iPad 4's incompatibility (now retired) with 1Password Authentication features.

    I am using 1Password 7.3 for iOS. Duo Mobile version is v3.25.0.2

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for the feedback. :)

  • wkleem
    wkleem
    Community Member

    Waiting for iOS 13 which might be the last iOS version for my iPhone SE although there is an indication that IOS 12 might be the last version for my iPhone and iPhone 7 is new minimum. Other than issues related to the 4” screen size there isn’t much to report in now.

    Thanks.

  • AGAlumB
    AGAlumB
    1Password Alumni

    :+1:

  • wkleem
    wkleem
    Community Member

    I had a chance to capture the Duo Mobile/1Password offline reconfirmation notice. Thanks. It is an improvement.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2019

    Awesome! Glad that helped! Thanks for letting us know. :chuffed:

    ref: apple-555

  • wkleem
    wkleem
    Community Member
    edited April 2019

    I have some issues with Duo Mobile from reauthorization. I swapped my phone and restored my data from backup. Duo and 1Password needs to be reauthorized. The apps keeps failing somehow. 1Password 7 and Duo Mobile sees it as a new device?

    I now get a time out error. iOS 12.2 and 1Password 7.3, Android 8 and 9 and 1Password 7.1.4

    The time out errors only started with the iPhone swap and subsequent restoring of data.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @wkleem: Can you be specific about the steps you're taking? Some of the things you're saying don't make sense to me, given your description. So I'm guessing there's more to it. But it sounds like something just went bad with the iCloud/iTunes restore. If you reinstall the app, are you able to sign in to your account normally? To be clear, it is a new device if you're using a different iPhone, etc. than you were before. 1Password/Duo has never talked to that device before, so, much like Dropbox and many other services, you'd need to authorize it by signing in properly. Otherwise it would be possible to "clone" an authorized device to give another access to the account without you actually signing in.

  • wkleem
    wkleem
    Community Member
    edited May 2019

    @brenty

    1Password worked locally but I was getting more of the above screenshot, it was unresponsive (off-line) or denied by Duo Mobile, than usual.

    To be clear, it is a new device if you're using a different iPhone, etc. than you were before. 1Password/Duo has never talked to that device before, so, much like Dropbox and many other services, you'd need to authorize it by signing in properly. Otherwise it would be possible to "clone" an authorized device to give another access to the account without you actually signing in.

    Thanks for your reply. That makes sense, I did not consider the cloning part.

    I have solved the issue by reactivating Duo Mobile/1Password where I needed to. Another issue I have encountered is from Windows where I started a thread in the Windows Forum. It also has to do with re-authentication. It is likely a different issue.

    https://discussions.agilebits.com/discussion/comment/504485#Comment_504485

This discussion has been closed.