Why doesn't the extension or app require 2FA?

Bellamy88
Bellamy88
Community Member
edited August 2018 in 1Password in the Browser

I've enabled 2FA on my account but there's no 2FA on the 1Password X extension or the desktop app which completely defeats the point of placing 2FA on your account... Someone knows your password and they try to log in and run into 2FA? No problem, just go on chrome extension or desktop app and they're in.

So why doesn't the chrome extension have 2FA also?

Thanks.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

[1Password team edit: there's related discussion in The 1Password X extension seems very vulnerable if my computer gets hacked.]

Comments

  • blaxxz
    blaxxz
    Community Member

    The 2FA is only for the first login with an application to your Account activ.
    If this device is trusted so 1P will never ask you for the 2FA again.

  • Bellamy88
    Bellamy88
    Community Member

    @blaxxz Even for the extension? So if someone had my password and tried to login from a foreign device either through the app or the extension, they'd get a 2FA request?

  • blaxxz
    blaxxz
    Community Member

    Yes they will asked for the 2FA.
    I mean if you have a new IP, 1P will ask for the 2FA either.

    You can try it.

  • Mitch
    edited August 2018

    Hi @Bellamy88,

    1Password will ask you for your two-factor authentication code in two situations:

    • when you sign in from an unknown device
    • if you deauthorize a device in your 1Password.com profile and try to sign in again

    If someone were to install 1Password X on another computer, they would need three credentials to sign in to your account: 1) your Master Password 2) your Secret Key 3) your two-factor authentication secret. The first two of these are actually the most important ones for protecting your security, which is why two-factor authentication is an optional feature for 1Password accounts.

    Mitch

This discussion has been closed.