How to prevent false "Inactive 2FA" messages in Watchtower 2.0?

2»

Comments

  • RonHeiby
    RonHeiby
    Community Member

    Very cool feature!

    My 2FA "False Alarms":

    • OpenDNS - Looks like they have it for their business / paid class of service. I've got the freebie home service, and see no sign of being able to sign up for 2FA.
    • ScreenCastsOnline Support - They're using zendesk.com for this, and it appears that zendesk.com allows each of their clients to configure their subdomain sites to require or not require 2FA as they like. ScreenCastsOnline doesn't.
    • Skype - I'm really confused by this. It appears to be linked with one of my Microsoft logins, but maybe not. Not clear whether I can set up 2FA for Skype or whether I can set it up for the Microsoft Windows Live account (which I have done, somehow, somewhen) that appears to be associated with my Skype account, but I'm not seeing any prompting for the code.
    • 1and1.com Webmail - I was able to find and configure the 2FA for the Admin account for my hosting package. But I don't see any way to set up 2FA for the Webmail logins.
  • Skype - I'm really confused by this. It appears to be linked with one of my Microsoft logins, but maybe not. Not clear whether I can set up 2FA for Skype or whether I can set it up for the Microsoft Windows Live account (which I have done, somehow, somewhen) that appears to be associated with my Skype account, but I'm not seeing any prompting for the code.

    As far as I'm aware Skype accounts are now Microsoft accounts (and vice versa). So I would imagine the process would be the same as for your other Live account.

    Thanks for letting us know, @RonHeiby.

    Ben

  • AxzHandul
    AxzHandul
    Community Member

    I'm having the same problem with Amazon. I have 2FA enabled with an authenticator app registered and in use, but the login still shows in Watchtower and the banner shows that 2FA is not enabled. How do I remedy this?

  • vplewis
    vplewis
    Community Member

    @AxzHandul Just add a Tag called "2FA" to the site and the banner will go away.

  • Indeed. Thanks for chiming in here vplewis. :)

    Ben

  • AxzHandul
    AxzHandul
    Community Member

    Thanks @vplewis.

    I'm curious -- what is the mechanism by which 1Password actually identifies whether 2FA is on or not? I understand how it is determined whether it is available, but I how does 1Password know whether you've turned it on for your account?

  • @AxzHandul

    The only way of 1Password determining that is if you have a One-Time Password field on the login item in question or if you've added a "2FA" tag to the item.

    Ben

  • mariozaizar
    mariozaizar
    Community Member

    Is there a special tag to remove false-positives from "Expiring" items, and other categories than the "Missing 2FA"?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @mariozaizar: I'm not sure I understand what you're trying to do. How would an expiring item be a false positive? Did you enter the date incorrectly? Maybe a different example would help.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @XIII: Oh duh. Thanks! Perhaps they meant that as well. :)

    @mariozaizar: Have you considered adding the expired dates (if you cannot renew them) as custom fields?

  • mariozaizar
    mariozaizar
    Community Member

    @XIII Thanks! yeah, that's what I was looking for.

    @brenty for example, I have my expired passports and IDs for reference in 1Password, but I don't consider them as something that I need to "fix" perse. So, seeing them in Watchtower is more like an annoyance than a helpful thing. I will try the custom fields trick.

  • Thanks for the info. :+1:

    Ben

  • jameshicks
    jameshicks
    Community Member

    I do hope they'll allow using any TOTP compatible app in the future though.

  • I don’t follow, @jameshicks. Could you elaborate?

    Ben

  • one000mph
    one000mph
    Community Member

    I'm seeing several sites which are flagged with the warning "This website supports 2FA (according to twofactorauth.org), but you haven’t enabled it." by Watchtower. A few of these sites have had 2FA enabled for awhile using the Google Authenticator App. How often does Watchtower refresh this list?

  • AGAlumB
    AGAlumB
    1Password Alumni

    Weekly. If you're still having trouble, be sure to let us know the specifics so we can look into it!

  • danco
    danco
    Volunteer Moderator

    To get rid of this warning add the tag 2FA to the item.

    1PW can tell if you have 2FA enabled within 1PW itself, but it can't know if you enabled it in Google Authenticator or other way.

  • AGAlumB
    AGAlumB
    1Password Alumni

    :) :+1: Indeed, it's been discussed here, and we also cover this and other Watchtower features in the guide on our support site:

    https://support.1password.com/watchtower/#identify-logins-that-support-two-factor-authentication

    Cheers! :)

This discussion has been closed.