Forum Discussion

Former Member's avatar
Former Member
3 years ago

Set 2FA every login

Hi, I use a YubiKey NFC. For example, I can deauthenticate my MacbookPro and request a 2FA for the next login. Is it possible to request this for every login so that a login is only possibl...
macos
1P_Dave's avatar
1P_Dave
Icon for Moderator rankModerator
3 years ago

Hello Former Member! 👋

Two-factor authentication (when using something like an authenticator app or YubiKey) only prevents others from adding your account to a new device. Once an account is added to a device you'll need to use your account password (or biometrics) to unlock the app and decrypt your data: Authentication and encryption in the 1Password security model

Are you looking for the ability to always be prompted for your YubiKey, in addition to the account password, before 1Password unlocks? Can you tell me a little more about what kind of attack you're trying to protect against?

I look forward to hearing from you. 🙂

-Dave

  • maxi36sailor's avatar
    maxi36sailor
    New Contributor
    9 months ago

    The reason I would like to be prompted for 2FA at each login is that I am sometimes using a shared PC. 

    • 1P_Dave's avatar
      1P_Dave
      Icon for Moderator rankModerator
      9 months ago

      maxi36sailor 

      I recommend that you only use 1Password on a device that you trust. If you do need to use 1Password on a shared device then you can lock 1Password manually before stepping away. You can also adjust your auto-lock preferences to be more strict: 


      Once 1Password locks, the only way to unlock the app is to type in your account password (or biometrics if you've set those up). 

      -Dave

      • maxi36sailor's avatar
        maxi36sailor
        New Contributor
        9 months ago

        Thanks for your response. Then it seems there is not a way to require 2FA at every login. I'm not technical, but it seems that it would be possible to offer an option for a user to choose to use 2FA at every login, or not, depending on a user's preferences. I'm using a software authenticator and am considering using a Yubi Key. Even with the Yubi Key option, I believe I would still not have the option to require additional 2FA authentication at every login. Is there a reason, other than assuming a user would prefer the convenience of not needing to use 2FA, that this option is not offered? Thanks.