Watchtower does not notice missing two-factor authentication for Adobe ID, AngelList, and Namecheap

I have 3 Login items missing two-factor authentication that Watchtower did not notice. The 3 website values for the login items are:

https://twofactorauth.org has exact matches for both angel.co and namecheap.com domains. However, Watchtower did not notice missing 2FA for either login item.

https://twofactorauth.org also matches accounts.adobe.com (note plural "accounts"), but not account.adobe.com (note singular "account"). Watchtower does notice missing 2FA for a login item with domain accounts.adobe.com, but does not notice missing 2FA for a login item with domain account.adobe.com. After logging in, the Adobe Id URL settles to the account.adobe.com domain.


1Password Version: 7.3.2
Extension Version: 7.3.2
OS Version: macOS 10.14.6
Sync Type: 1Password account

Comments

  • ag_anaag_ana

    Team Member

    Hi @tylrtrmbl! Welcome to the forum!

    https://twofactorauth.org has exact matches for both angel.co and namecheap.com domains. However, Watchtower did not notice missing 2FA for either login item

    What happens if you change your URL items in 1Password to "https://angel.co" and "https://www.namecheap.com", respectively?

    Watchtower does notice missing 2FA for a login item with domain accounts.adobe.com, but does not notice missing 2FA for a login item with domain account.adobe.com

    This is expected behavior: Watchtower looks at the exact URLs on twofactorauth to alert you for missing 2FA. If the website lists "accounts.adobe.com" but not "account.adobe.com" as the URL, that's the address that it is going to monitor.

    And I suspect this is also why you are seeing this behavior with the other two items, as Watchtower currently checks for exact matches in the URLs on twofactorauth.

  • I understand what you mean about Adobe.

    What happens if you change your URL items in 1Password to "https://angel.co" and "https://www.namecheap.com", respectively?

    I tried the URLs you suggested. Watchtower still did not notice missing 2FA for either login item.

  • brentybrenty

    Team Member

    @tylrtrmbl: Thanks for letting us know. To make sure we're on the same page, 1Password supports the TOTP standard, so when you save a TOTP secret in 1Password for a site to have 1Password generate the code for you, then it knows you have two-factor authentication setup there. In other cases, where you're using something entirely outside of 1Password, you can tell 1Password that by adding the tag 2FA to those items to confirm that you have it setup for the account.

    Is the information on https://twofactorauth.org correct for all of these?

    It seems to be for one, but I do not have accounts for all three.

  • The information on twofactorauth.org is correct. All three of those services support software TOTP. I've even got software TOTP for those services working properly with 1Password! It's just that Watchtower didn't proactively let me know I was missing 2FA for those accounts. None of them had the 2FA tag, so they shouldn't have been ignored by Watchtower.

  • brentybrenty

    Team Member

    @tylrtrmbl: Thank you for confirming! It's likely that an update is necessary then to be able to pull the latest information from twofactorauth.org

    ref: apple-4167

  • It's likely that an update is necessary then to be able to pull the latest information from twofactorauth.org

    @brenty I don't think that's the case. twofactorauth.org has a public GitHub repo for their website. It shows they updated Namecheap with TOTP support over 2 years ago, and that AngelList was added to the site almost three years ago with TOTP support.

    Namecheap updated July 2017: https://github.com/2factorauth/twofactorauth/commit/f031e8592fb234be884436a590a1282622cfb115
    AngelList added October 2016: https://github.com/2factorauth/twofactorauth/commit/87108a4ec77103446910ecbb1d07ab5903deb522

    I'm using the latest stable version of 1Password, version 7.3.2, released only a month ago. Additionally, Watchtower does notice missing 2FA logins for Patreon (https://www.patreon.com/) and Patreon was only updated with TOTP support on twofactorauth.org just over a month ago.

    Patreon updated June 2019 (merged July 2019): https://github.com/2factorauth/twofactorauth/pull/3916/commits/da165960b8fc7b4b8c5bc7c2dff6d434b922bc8f

    To me, it doesn't seem like out-of-date information from twofactorauth.org is the issue.

  • brentybrenty

    Team Member

    I don't think that's the case. twofactorauth.org has a public GitHub repo for their website. It shows they updated Namecheap with TOTP support over 2 years ago, and that AngelList was added to the site almost three years ago with TOTP support. [...] To me, it doesn't seem like out-of-date information from twofactorauth.org is the issue.

    @tylrtrmbl: That's a good point. I hadn't thought to check that. Thank you! I'll bring that up with the team as well so we can figure out what's causing this.

This discussion has been closed.