Inactive 2FA error

Dave Creek

I have 2FA enabled on my Dropbox account but 1Password shows it as not enabled. How do I correct this?

---

1Password Version: 1Password 7 Version 7.0.7 (70007000)
Extension Version: 4.7.2
OS Version: OS X 10.13.6 (17G65)
Sync Type: Dropbox

Stephen_C

@Dave Creek:

To avoid the warning from 1Password when it fails to recognise that you already have 2FA enabled for a site you can edit the relevant login and add to it a tag simply called 2FA.

Edit: removed link to Dropbox article on enabling 2FA because I realised you said you'd already enabled it.

Stephen

Dave Creek

Thanks, Stephen.
Dave

rudy

@Dave Creek,

There are two ways to address that warning, one would be to add a one-time password field onto the Dropbox item and the other way is what Steven says by putting a 2FA tag on the item.

brightpavilions

@rudy

I had this same question and found this thread. My question is why isn't Watchtower able to tell when 2FA has been activated? Isn't that the point? That it keeps an eye out and is perpetually up-to-date?

danco

If you think about it, Watchtower can tell (by a database lookup) what sites permit 2FA, and it can tell if 2FA is enabled within 1PW. But it really has no way (or at least no convenient way) of telling if 2FA has been enabled using some third-party app or SMS.

Lars

@brightpavillions - @danco is correct: 1Password can't "know" things about your sites and what you've specifically enabled except what you've "told" it (that would be invasive and a potential security issue). What we CAN know, without knowing anything about your specific use, comes from sites like Two-Factor Auth. From that, 1Password can know 2FA is available. And it can check itself, internally, to see whether you've enabled 2FA using 1Password. But it can't (nor should it) know anything about how you conduct yourself outside of 1Password, like with an external app or hardware token. Make sense?

brightpavilions

Yes thanks! And sorry for the delay in response. I thought I received email updates when I was subscribed to a thread, but perhaps not.

Lars

@brightpavillions - no worries! You can adjust your notifications preferences in your profile. :)

Ind3X

Further to the OP's question, there is also an issue where sites that have 2FA disabled do not show up in the 'Inactive 2FA' section of watchtower (even if there is a matching URL listed under 'website')

After doing some poking around I've found that this is due to 1P only looking at the very first URL listed under the 'website' section of an entry. Can this be fixed so that all recorded URL's are checked against the twofactorauth.org database?

Lars

@Ind3X - I'm sorry for the trouble! Can you tell me a little more about your use-case? Most of the time, the URL for a site you have saved as a Login item in 1Password will be saved in the main position -- or, if it's not, such as perhaps with Apple/iCloud -- the 2FA issue isn't an issue because it's the same at all those URLs. What types of Logins are you creating where you've got 2FA-enabled site URLs in the 2nd, 3rd, etc, position where the main site does not have 2FA available?

Ind3X

Hi @Lars

With a Google account, the main URL is saved as accounts.google.com but that subdomain isn't listed on twofactorauth.org, so the Google entry isn't marked as 'inactive 2fa' in 1P.

mail.google.com is listed on twofactorauth.org, but if I add that URL to the 2nd 'website' position, 1P still doesn't list the entry in 'Inactive 2FA'. However, if I move that URL to the top spot, 1P does recognise the URL, but also, changes the Google icon to a gmail icon. It's not a major issue, more of an annoyance. Most importantly, due to the fact that 1P doesn't appear to read additional URL's, there may be other sites that I'm not being notified about, that actually don't have 2FA enabled, that I am not aware of.

I came across this as I was going through the listed 'inactive 2FA' sites and tagging them with 2FA, as per OP's question.

edit - I also tried just changing accounts.google.com to google.com, but that didn't work either.

AGAlumB

Indeed, we're aware of the issue. The difficulty is that those are treated as different websites for the purposes by twofactorauth.org. I agree this is confusing though, and we'll have to determine how best to handle this across all of the apps.

ref: apple-1806

socceric

@brenty any update on this?

ag_ana

@socceric:

What website are you having issues with?

socceric

@ag_ana last time I checked there were a number of websites that were not included in the inactive 2FA list and was told to stay tuned for fix {apple-issues#1806} in the release note which hasn't happened yet

ag_ana

@socceric:

Indeed, we don't have anything to share at the moment. But you did the right thing keeping an eye out on the release notes: everything that we do ends up in the list there ;)

socceric

@ag_ana this issue has been raised in at least 4 different threads back in 2018. Can you please provide an ETA? Seems like it will never be fixed...

Lars

We don't normally give ETAs or pre-announce release dates as many factors (some beyond our control) affect them.