Why doesn't the extension or app require 2FA?

Bellamy88 · August 2018

I've enabled 2FA on my account but there's no 2FA on the 1Password X extension or the desktop app which completely defeats the point of placing 2FA on your account... Someone knows your password and they try to log in and run into 2FA? No problem, just go on chrome extension or desktop app and they're in.

So why doesn't the chrome extension have 2FA also?

Thanks.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

[1Password team edit: there's related discussion in The 1Password X extension seems very vulnerable if my computer gets hacked.]

vealpool · August 2018

The 2FA is only for the first login with an application to your Account activ.
If this device is trusted so 1P will never ask you for the 2FA again.

Bellamy88 · August 2018

@blaxxz Even for the extension? So if someone had my password and tried to login from a foreign device either through the app or the extension, they'd get a 2FA request?

vealpool · August 2018

Yes they will asked for the 2FA.
I mean if you have a new IP, 1P will ask for the 2FA either.

You can try it.

Mitch · August 2018

Hi @Bellamy88,

1Password will ask you for your two-factor authentication code in two situations:

when you sign in from an unknown device
if you deauthorize a device in your 1Password.com profile and try to sign in again

If someone were to install 1Password X on another computer, they would need three credentials to sign in to your account: 1) your Master Password 2) your Secret Key 3) your two-factor authentication secret. The first two of these are actually the most important ones for protecting your security, which is why two-factor authentication is an optional feature for 1Password accounts.

Mitch

Why doesn't the extension or app require 2FA?

Comments