Duo 2FA, remember me does not work

I don't know if this question should be directed to Duo or you guys but I'm hoping that you can tell me.

When an account is added in a local 1Password installation a 2FA login is required and it triggers the Duo authentication prompt. The option "Remember me for 30 days" can't be ticked due to some third party cookie setting.

Is that some local browser setting, a setting in 1Password or should I raise this issue with Duo?


1Password Version: 7.1.1
Extension Version: Not Provided
OS Version: OS X 10.13.6
Sync Type: Not Provided
Referrer: forum-search:duo

Comments

  • john_m
    john_m
    1Password Alumni

    Hi @amcds, welcome to our forum! :chuffed:

    The frequency of how often account members must re-authenticate with Duo is controlled by the owners/administrators of your account; in the Duo configuration for the account is a "Remember Device Authentications" setting that controls how long in days to remember that a member has authenticated. You can learn more in our Duo configuration guide here: https://support.1password.com/duo/

    As a general note, everything in the Duo pop-up in your screenshot is coming from the Duo side of things; on the 1Password side, only the Duo configuration exists, everything else comes from Duo directly.

    I hope that helps - let me know if you have any more questions! :+1:

    John

  • amcds
    amcds
    Community Member

    Hi @john_m

    Thanks :)

    Ok, but the question is actually who renders that site - is it the 1Password app or a local browser, because Duo is already set up to be able to use remember me, but the checkbox can't be ticked as the browser rejects the cookie that is supposed to store the number of days.

    So are you (1Password) using the system default browser or some native browser?

    /david

  • john_m
    john_m
    1Password Alumni

    Hi @amcds,

    1Password for Mac uses standard macOS controls for displaying most of its web content, so that dialog is likely based on Safari's rendering engine; the contents of the dialog are coming directly from Duo. With Duo enabled, you need to authorise each device associated with your 1Password account membership whenever the "Remember Device Authentications" time limit has passed; so for example, let's say you are signed into your account from the app on that Mac, and also from the app on an iPhone - you will need to separately authenticate each device with Duo, authenticating with one device won't automatically authenticate the other device for you. When an authentication check is made against Duo, if it passes you won't see the Duo prompt at all - so in essence, I believe the "Remember me for 30 days" checkbox there is irrelevant to 1Password, as "remembering" is based on the setting defined by your 1Password account owner or administrator.

    Let me know if you have any more questions about it :chuffed:

    John

  • amcds
    amcds
    Community Member

    Found that setting on the 1Password online account administration now (Settings->Duo)
    Thank you for your help :chuffed:

  • john_m
    john_m
    1Password Alumni

    No problem at all @amcds, glad I could help! If you have any more questions about Duo, just let me know! :+1:

  • isometry
    isometry
    Community Member

    We're also facing this issue, with our Duo policy set to allow remembering device authentication for up-to 180 days. Unfortunately, it appears that the specific web view that 1Password uses to render the Duo controls does not permit cookies to be set, and so we receive the "you need to enable cookies …" warning as soon we click the "remember me …" checkbox.

    Would you please consider enabling httpcookiestorage in the relevant webview? https://developer.apple.com/documentation/foundation/httpcookiestorage

  • Hi @isometry,

    The WKWebView we use to display the Duo page is a standard web view with a default WKWebsiteDataStore (and WKHTTPCookieStore) on its configuration. We'll have to look in to why cookies aren't working, but we certainly aren't intentionally blocking them in this case.

  • isometry
    isometry
    Community Member

    Thanks for the update! I look forward to hearing more.

  • Lars
    Lars
    1Password Alumni

    :) :+1:

This discussion has been closed.