Cannot dismiss 2FA banner

junon
junon
Community Member
in Mac

I don't want to use 2FA with 1password because IMO it completely defeats the purpose of 2FA. I don't need 1password giving me suggestions such as this, either - I just want to use your application, unhindered. That's it.

Also, I can't tell directly but it appears you're sending my saved websites to a third-party server to check if 2FA is enabled. Can you speak to that? I was immediately concerned when I saw that...

1Password Version: 1Password 7 Version 7.0.1 (70001002) AgileBits Sto
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Donaldd
    Donaldd
    Community Member
    edited May 2018

    @junon Hi. I think using 1Password as the 2FA authenticator has some advantages comparing to other authenticators:
    1. Sync and store the 2FA in a "relatively" safer place with strong protection by 1Password just like the other passwords. So no need to be panic when losing the phone... Although Authy (another authenticator with the backup feature) provides this feature, I think it is good to know that everything is protected by 1Password... :)
    2. An all-in-one solution for storing the 2FA and those hard-to-remember backup codes, in the same entry. It is very useful when you have multiple accounts with 2FA enabled.
    3. A smoother login experience as 1Password could copy the one-time-password automatically when needed.
    4. 1Password account itself could also enable 2FA as an extra layer of protection, and this time, another authenticator like Authy is needed :)

    About the 2FA check, as a watchtower feature, I think it still follows the privacy policy that:

    Watchtower downloads the entire list of vulnerabilities to your device before checking if your logins are affected, so no information about your logins is shared with us.

    Edit: Forget to mention the most important thing :) :

    If you use another app to manage two-factor authentication, add a 2FA tag to prevent it from appearing in this list.

    There're more information on this page about the watchtower:
    https://support.1password.com/watchtower/

    Donaldd

  • junon
    junon
    Community Member

    I understand the reasons why people might want to use 2FA with 1Password, but if a 1Password account is compromised, then 2FA becomes null and void.

    Also curious as to why there is a magical tag? Seems like inconsistent UX - tags are for organization, no? 2FA, to me, means that the entry has 2FA included with it, which is the opposite of how it's being used.

    Is there not a way to completely disable this? I don't want these features as they are distracting cause alarm every time I see them as the yellow banner indicates "problem" where there isn't one.

  • Donaldd
    Donaldd
    Community Member

    Hi, @junon.
    I'm surprised there's still no 1Password staff to answer your question. :p
    Well, as a 2FA lover who enabled almost every available service, I really understand your concerns about the security of storing 2FA somewhere. Yes, everything will be in danger if your 1Password vault get compromised, so does these passwords stored in it :chuffed: That's also the reason I failed to persuade some of my friends to use a password manager. They think it is really danger to remember one strong password for a vault instead of reusing password and remembering all of them in mind. "Don't put all your eggs in one basket", is their idea.
    However, I think it depends on the security-awareness of the user and the security measures you implement to guard these invaluable information. After locked out my email address multiple times because of my bricked phone and the “crush-on-the-start" issues of those apps, I had to use either the backup code stored on a password manager (still, it is in danger if the vault get compromised) or write them somewhere (even more complicate and insecure)...
    After reading the security designs of 1Password, I think, well, it is much safer than my phone itself and most importantly, everything is in safe and peace if I guard one thing well ;) Fewer efforts, more enjoyment 8-)

    About the second question, yes. You could disable this feature from "Preferences - Watchtower - uncheck "Check for inactive 2FA"

    Regards,

    Donaldd

  • Jacob
    Jacob

    Hey @junon! I totally understand that. I personally use Authy for accounts that I want to have true two-factor authentication. For ones that just need a one-time password, I use 1Password. You can add the tag 2fa to any items you want to hide in Watchtower, or you can simply ignore that whole section of Watchtower – that's up to you. :) Learn a bit more about one-time passwords vs. two-factor authentication:

    TOTP for 1Password users

    Hope that helps.

  • junon
    junon
    Community Member

    Hey @Donaldd, that's exactly what I was looking for. Thank you!

  • Lars
    Lars
    1Password Alumni

    @Donaldd - there wasn't a "staff answer" probably because - as you see - we're about ten pages deep with comments here, after the recent release of 1Password 7 for Mac. We do try to get to everyone as quickly as possible but around launch times, things can get a bit hectic. :)

    @junon - It sounds like you've got a solution that's working for you. If so, great! Let us know if you need anything else. :)

This discussion has been closed.