Two factor authentication
Hi,
I am trialing 1Password to switch from Dashlane. I enabled 2FA on the account; however, regardless of whether I open the Windows app, mobile, or web, it doesn't give me an option to enter the 2FA value. What I am really looking for is that every time I log in to the app it should prompt for the 2FA key, not just for a new device. Dashlane provides this. Is this possible in 1Password?
Thanks
Comments
-
@vinuvthomas: 1Password works offline, so it does not authenticate every time you unlock the app. Otherwise you'd be out of luck any time you had a bad internet connection or none at all — like when traveling. 1Password.com memberships' two-factor authentication is used when actually authenticating to authorize a device. So you would have had to enter it either when setting up 1Password on a device for the first time, or on existing authorized devices if you just enabled two-factor. We can certainly consider adding an online-only mode where you'd need to authenticate with the server each time you use 1Password, but we haven't really heard from others who want that. Most people like to be able to access the data they have locally on their devices, even without an internet connection.
0 -
@brenty: Thanks for the reply. What happens if the trusted machine is affected by a keylogger or malware? Then it can steal the master password and gain access to the wallet. I understand a keylogger can capture the 2FA key when I enter it. However, if I use Duo to approve the login then I am safe, or at least I am getting a notification on the mobile device about a potential access attempt.
0 -
@vinuvthomas: At that point it shouldn't be considered "trusted". But I understand your point. I just think it's a dangerous path when we start thinking of ways around a compromised machine. As you point out, a competent attacker isn't going to be thwarted by two-factor authentication in that scenario; they'll just capture that too and pass it on themselves.
While you're right that Duo has an advantage over TOTP in that regard (that's why we support it in 1Password Business), you're still talking about accessing sensitive data on a compromised machine. So what if the attacker can't capture everything they'd need to log in to your account on their own device? They have control of yours, and can simply collect your data as you access it, if nothing else.
Two-factor authentication is a useful tool in our arsenal against malicious tools who want to steal our data...but we shouldn't fool ourselves into thinking it has security properties it doesn't, as that just gives us a false sense of security, which in turn leads to complacency.
0 -
OK, thanks. Any plan to integrate the personal subscription with Duo? As a personal user, $7.99 per month is very expensive.
0 -
@vinuvthomas: We don't have plans to support Duo in personal memberships, as it's not a free service. We'd have to raise prices to do that, and at that point you could just pay for 1Password Business and get other advanced features too. :)
0 -
I have a question about this: does two-factor authentication for 1Password cost money to use on top of my subscription price? I am confused.
Thanks.
0 -
@ttim03: Good question! Our own (TOTP-based) two-factor authentication is available in all 1Password membership plans and is included in the price — no additional charge.
We do, however, also offer the option for Duo authentication in 1Password Business (and Teams) plans. On our end, that's included in the higher cost of those plans along with other advanced features, but depending on your company's arrangement with Duo there may be an additional cost for their service.
I hope this helps. Be sure to let me know if you have any other questions! :)
0