Accounts appearing in Watchtower inactive 2FA list that shouldn't be listed

JayTay
Community Member
edited April 2023 in 1Password 3 – 7 for Mac

The Inactive 2FA list in Watchtower is great; however, I have two accounts showing up that only allow 2FA via their own apps with no external 2FA option available. They are both UK banks and the relevant instruction links are https://www.barclays.co.uk/ways-to-bank/online-banking/pinsentry-guide/ and https://www1.firstdirect.com/1/2/securekey/. Both of these banks require you to use their mobile app or a hardware device so they cannot be added to 1Password via the TOTP standard.

I also have a related problem in that first direct have a separate user forum at https://fdesign.firstdirect.com but this is getting flagged as 2FA available when there is no 2FA on these accounts (probably as it's using the same base domain as firstdirect.com).


1Password Version: 7.0.BETA-16

Comments

  • Stephen_C
    Community Member

    I concur in respect of Barclays, and discovered the same problem.

    Stephen

  • rudy

    @jaytay,

    If you find some in the list that don't support OTP via QR code or secret, such as what many banks do with their insistence on SMS/email of codes, you can always add a tag to the item "2FA" to signal to Watchtower that it's taken care of already.

    Rudy

  • thightower
    Community Member
    edited May 2018

    @rudy

    That breaks my own existing workflow, where I already used "2FA" as a marker to myself that it was set up. Not a huge deal as I can simply rename the existing tag, but not ideal at all. Luckily for me I prefer all lower case tags so I can rename "2fa" rather quickly.

    I can confirm it works, but now to decide on something new for my existing setup, as a marker. I already have to figure out how to handle the nested tag problem. It's a minor one, though, with that "/" in the tags. Truth be told it may have been fixed. I have been dealing with a software and a hardware issue as of late and rather removed from all things 1P based.

    I still would rather things like this have a special character in them to signify system usage: WT-2FA, System-2FA. Just doesn't feel right abandoning my own tags that I spent so long cultivating. I'm still fond of the "System", "WT" or even "1P" tags.

    Y'all think on it, you're way smarter than myself, I am sure you can do better. If you use something like "1P" then all internal arrangement tags could be grouped together when viewing the tag list. Just a few thoughts.

    Things like
    1P-2FA(e) - enabled
    1P-2FA(ne) - not enabled
    1P-2FA(sms) - sms only
    1P-2FA(a) - app only
    1P-2FA(wt) - signal to Watchtower it is indeed set up.

    I am sure my abbreviations get rather cryptic to some, but again I am sure y'all can do something better, faster, stronger, his name is Ste... Oh wait, that was the Six Million Dollar Man. LOL

    I personally really think this opens up a whole new world of internal organization.

  • iamecho
    Community Member
    edited May 2018

    @rudy I like the suggestion: you can always add a tag to the item "2FA" to signal to Watchtower that it's taken care of already.

    I already use a similar tag but it's nested under Tech, so it reads Tech /2FA and it is not recognized. Is there a way this could get recognized or will I have to create a separate 2FA?

    Thanks.

  • Ben

    @thightower,

    I think the plan is to keep it simple, for now, but thanks for the feedback. :)

    Ben

  • Ben

    @iamecho

    It needs to be “2FA,” however if this is applicable to all items you already have tagged “Tech/2FA” you may want to consider either changing that tag to “2FA” or tagging those items with “2FA” as well.

    Ben

  • dfp
    Community Member

    I'm also seeing accounts in "Inactive 2FA" that, indeed, provide 2FA and, indeed, I'm already using (i.e. Amazon, Dropbox, Backblaze). Why are these accounts getting listed here?

  • rudy

    @dfp,

    The criteria 1Password uses to determine whether it shows up under Inactive 2FA is that a One-Time Password field exists on the item. Typically those will be created by scanning a QR Code. If you have the codes stored in another application then you'll want to place a 2FA tag on the item to exclude it from the listing.

    Rudy
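
A small model of the listing behaviour described in the replies so far, added here as an illustration; it is not part of any post and not 1Password's own code. The site list, the parent-domain match (the first post's guess) and the sample vault are constructed assumptions.

```python
# Added illustration: a model of the "Inactive 2FA" behaviour described in this
# thread. It is not 1Password's code; the rule is inferred from the replies.
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed stand-in for the list of sites known to offer 2FA (assumption).
SITES_WITH_2FA = {"barclays.co.uk", "firstdirect.com", "dropbox.com"}
SUPPRESS_TAG = "2FA"  # per the replies, the tag has to be exactly this


@dataclass
class Item:
    title: str
    url: str
    has_otp_field: bool = False
    tags: set = field(default_factory=set)


def site_offers_2fa(url: str) -> bool:
    """Match the host or any parent domain (assumed, as the first post guesses)."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in SITES_WITH_2FA)


def inactive_2fa(items):
    """Return titles that would be listed: 2FA site, no OTP field, no 2FA tag."""
    return [
        i.title for i in items
        if site_offers_2fa(i.url)
        and not i.has_otp_field
        and SUPPRESS_TAG not in i.tags
    ]


# Constructed sample vault covering the cases raised in the thread.
VAULT = [
    Item("Barclays", "https://www.barclays.co.uk/"),                      # bank-app 2FA only
    Item("fd forum", "https://fdesign.firstdirect.com"),                  # subdomain, no 2FA
    Item("Dropbox", "https://www.dropbox.com/", tags={"Tech/2FA"}),       # nested tag
    Item("first direct", "https://www1.firstdirect.com/", tags={"2FA"}),  # suppressed
    Item("Example", "https://example.org/"),                              # not in site list
    Item("Dropbox OTP", "https://www.dropbox.com/", has_otp_field=True),  # OTP stored
]

if __name__ == "__main__":
    for title in inactive_2fa(VAULT):
        print("Inactive 2FA:", title)
```
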

  • adamc00
    Community Member
    edited May 2018

    It'd be great if the warning message had a way to do this, i.e. a button or link that says "I use a device for 2FA" which then took you to a confirmation and then set the appropriate tag. I don't use the in-app 2FA functionality as I believe it reduces security. If someone does gain access to one of my devices with 1Password unlocked, or manages to unlock it, then they have everything they need to enter my accounts.

  • dfp
    Community Member

    @adamc00 agree this could be handled better. @rudy, I get what you're trying to solve here, and I completely understand why you want to try to capture 2FA in your app, but this solution feels a little kludgey: having to artificially create a tag to fake out a programmed feature?

  • dfp
    Community Member

    @rudy also appears that the prefs for Watchtower don't have any effect in the app: unselecting the boxes for vulnerable passwords and inactive 2FA doesn't remove those from the Watchtower section. Shouldn't that happen?

  • @dfp,

    At this point there are no plans to remove Watchtower sections from the sidebar when they have been disabled in preferences. But as this stuff is pretty new, just because there are no plans today doesn't mean there won't be tomorrow. :smile:

This discussion has been closed.