Duo integration?

XIII
Community Member

In the web release notes I read that there's a beta with Duo integration for 1Password for Teams. Do you plan to offer that for the Families counterpart as well? I would love that! Duo Mobile is already my preferred 2FA App…

https://app-updates.agilebits.com/product_history/B5


1Password Version: Families

Comments

  • Ben

    Hi @XIII,

    At the moment beta features are limited to team accounts, but I'll certainly pass the feedback along to the team that you'd like to see them in 1Password Families as well. :)

    Ben

  • hazmat
    Community Member

    Please second that request. You're going to have lots of people keeping the account keys in plain text in a Dropbox text file or in a note in Apple Notes so they can get to their vault via the web site on other computers than their own.

    I use Duo at work and it's great.

  • ntimo
    Community Member

    @Ben could you add my request too? I would love that feature for my families account as well! Even if it's in beta. And why do only team members get beta? That's so unfair :(

  • Ben

    Certainly. :) Thanks for the feedback. :+1:

    Ben

  • hazmat
    Community Member

    Agreed. The need for security in Families accounts is no less important than in Teams accounts.

  • Ben

    > The need for security in Families accounts is no less important than in Teams accounts.

    Very true. :)

    Ben

  • ntimo
    Community Member

    Hi @Ben,
    1Password is a security product, and not making a security feature available to all, that could be made available to all, just does not make sense. Because this would mean giving some more security than others?

    But another question I already asked: What happens if someone with MFA (Duo) enabled adds his account to the 1Password apps? Will he be asked for the MFA? Or is this only on the web? Because if it's only on the web it does not really give a third layer of security. Because let's say I know your master pw and account key and know you have MFA enabled, then I would simply access your account using the apps knowing I could bypass the MFA.

    Thx
    Timo

  • Ben

    Timo,

    As far as I'm aware it is only limited while in beta. I'm not sure what the intentions are after the beta period. As more information becomes available about Duo and its potential integration with 1Password we'll be sure to share it here. Remember -- it is a beta, so it may not stick around at all. We'll see how testing goes.

    As soon as we have an answer to your other questions we'll answer them here. :)

    Ben

  • XIII
    Community Member
    edited August 2016

    This week I had to work on the Windows laptop of a colleague for several days. Web access to 1Password is great for that, but I felt very uncomfortable typing both my Account Key and my password in the same browser (even though I chose to use it as a public browser, i.e. not save the key). Duo integration would have been so great now!

  • Jacob

    @XIII I definitely hear you there. That's why we made the QR code for devices, but it doesn't apply to the web interface since that's usually where you get it in the first place. I'm sorry for the confusion about how Duo works, though. It would actually just be an extra step when signing in, not a replacement for the Account Key or Master Password. Similar to two-step authentication on Google, Apple, and any other major service, once you enter your email, Account Key, and Master Password, Duo will ask you to authorize this device. Hope that helps clear things up! :)

  • XIII
    Community Member

    @Jacob That's kind of what I expected: a real second factor (something you have), next to the password and account key (both something you know; I still have the feeling the account key is only to improve weak passwords, but no real second factor - I might misunderstand that though).

  • Jacob

    @XIII Well, the Account Key is actually better than two-factor™. We wrote a bit about it in our About the Account Key article. You're correct that the main goal is to strengthen the encryption, and the nice thing about an Account Key is that it doesn't exist to defend an authentication system. The only thing Duo provides is an element of physical presence like you said. So long as you don't share your Account Key or Master Password with anyone, Duo isn't really necessary.

  • hazmat
    Community Member

    There needs to be an easier, yet secure, way to retrieve the key, though. Like when accessing your vault via the web from a "foreign" or new computer.

  • Jacob

    The easiest way we've found at this point is having the account on your devices, such as your phone since that's usually with you, and getting the Account Key from there. It still requires typing, so we could make it smoother. The only thing is, there aren't many people who use 1Password on a different computer every day.

  • hazmat
    Community Member

    So where are you keeping the key, in 1Password?

  • Jacob

    You can find it in a few different places depending on which app you're using:

    If you can't find your Account Key or QR code

    Hope that helps!

  • hazmat
    Community Member

    Thanks. That's some good info. Stupid question: is the account key case-sensitive?

  • Jacob

    You're welcome. :) And that's a great question — I've not heard it before. It isn't case-sensitive, and you'll notice that 1Password.com converts anything you type to capitals automatically when signing in.

  • hazmat
    Community Member

    Excellent, thanks. On every machine I use I remap Caps Lock to Control. Old habit from Sun workstations that I can't let go.

  • Jacob

    No problem at all :+1:

This discussion has been closed.