ScarySulley
Occasional Contributor
2 months ago
Solved

Watchtower and password ages

Hello,

Watchtower is informing me of accounts that have 2FA available but not enabled. How does 1Password check to see if you have 2FA enabled on an account? I had an account and enabled 2FA and that account was still listed as not having 2FA enabled, even though it was. I then added a 2FA tag to the entry and it was removed from Watchtower. I then added a 2FA tag to another account that was in Watchtower where 2FA was available, but not enabled. I did not enable 2FA on the account, but did add 2FA tag to the entry and that caused it to disappear from Watchtower. Does Watchtower check the account somehow or does it just check to see if you have a 2FA tag on the entry? Not sure if other similar tags would give the same result.

Also, does 1Password 8 have the feature where it has categories on the left side showing passwords that are 3, 6 etc. months old or 1-3 years old?

Thank you!

7 Replies

  • Hello ScarySulley​! 👋

    Thanks for the question! 1Password checks to see if you've saved a one-time password for a certain website in the same login item as your username and password. If you haven't then it'll alert you that 2FA is available for that website. 

    If you're using a different authenticator app to store your one-time password then 1Password won't know that you've already enabled 2FA. In those cases you can either add a 2FA tag to the item or click Ignore in the 2FA reminder banner at the top of the item to dismiss the alert. 

    > Also, does 1Password 8 have the feature where it has categories on the left side showing passwords that are 3, 6 etc. months old or 1-3 years old?

    1Password 8 doesn't have this kind of feature. Was there a particular reason why you wanted to see the age of certain passwords? You could sort your items by date to get a sense of when you last updated your items. 

    -Dave

    • ScarySulley
      Occasional Contributor

      Thanks for the reply, 1P_Dave!

      > Thanks for the question! 1Password checks to see if you've saved a one-time password for a certain website in the same login item as your username and password. If you haven't then it'll alert you that 2FA is available for that website.
      >
      > If you're using a different authenticator app to store your one-time password then 1Password won't know that you've already enabled 2FA. In those cases you can either add a 2FA tag to the item or click Ignore in the 2FA reminder banner at the top of the item to dismiss the alert.

      Not sure if I'm understanding this correctly, but you're saying if a 2FA one-time password isn't set in a login item using 1Password's built in 2FA, 1Password will alert you that you haven't set 2FA one-time password? However only a limited number of items, out of all the items in my vault, currently show 2FA is available but not enabled yet. So 1Password has to know whether or not 2FA is available on a particular website otherwise most items would be showing 2FA is available but not enabled. Am I understanding this correctly?

      > 1Password 8 doesn't have this kind of feature. Was there a particular reason why you wanted to see the age of certain passwords? You could sort your items by date to get a sense of when you last updated your items.

      It's a convenient way to know how old a password is and whether or not it's due for a password change. Although good point about sorting items by date. However, I now realize that the "age" of the password is probably connected to last time the item was edited, which may not necessarily be when the password was last changed. I do keep a record of when a password was last changed, so I just go by that. Guess I'll just have to check manually.

      Just a suggestion. It would be nice if there was a field in the item where you could input the date the password was last changed (not the last edited date) and 1Password could give an accurate age of passwords similar to previous versions of 1Password.

      Thanks!

      • 1P_Dave
        Moderator

        ScarySulley​ 

        Thanks for the reply. If you didn't save a one-time password for a certain website in 1Password, and you used a different 2FA authenticator app instead, then 1Password has no way of knowing that you've enabled 2FA for a website. 

        That being said, 1Password's Watchtower feature does know if a certain website offers 2FA since it uses the following website as a source of knowledge: 2fa.directory 

        > It's a convenient way to know how old a password is and whether or not it's due for a password change.

        1Password doesn't include a reminder to change your passwords when an arbitrary amount of time has passed because we don't recommend that practice. Regular password changes for no other reason but because an amount of time has passed is no longer recommended as a security practice by many cybersecurity experts and organizations such as the National Institute of Standards and Technology (NIST).

        Instead we recommend that you change your passwords if one of the following conditions is met:

        1. The password for a website/account is not a secure and unique password generated by 1Password.
        2. 1Password's Watchtower sends you a warning that your password for a website/account has been reused or was found in a data breach.


        You can read more about how Watchtower helps you keep your passwords safe here: Use Watchtower to find account details you need to change

        -Dave
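
The flagging behaviour described in this thread, modelled as an added example (not 1Password's code and not part of the original posts): an item is flagged only when its site is listed as offering 2FA, no one-time password is saved in the item, and the alert has not been dismissed by a 2FA tag or Ignore. The item fields, the directory set, the domain names, and the case-insensitive tag match are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the domains a directory such as 2fa.directory
# lists as offering 2FA (not real directory data).
SITES_OFFERING_2FA = {"example-bank.test", "example-mail.test", "example-shop.test"}

def host_of(url):
    """Lower-cased hostname of a login URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def offers_2fa(url, directory=SITES_OFFERING_2FA):
    """True if the host is a listed domain or a subdomain of one."""
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in directory)

def classify(item, directory=SITES_OFFERING_2FA):
    """Return 'not-listed', 'otp-saved', 'suppressed' or 'flagged'."""
    if not offers_2fa(item["url"], directory):
        return "not-listed"      # site not known to offer 2FA: never flagged
    if item.get("otp"):
        return "otp-saved"       # one-time password stored in the same item
    tags = {t.lower() for t in item.get("tags", [])}  # assumption: case-insensitive
    if "2fa" in tags or item.get("ignored"):
        return "suppressed"      # alert dismissed; real 2FA state is unknown
    return "flagged"

# Constructed sample vault (hypothetical field names, not an export format).
VAULT = [
    {"title": "Bank", "url": "https://example-bank.test/login"},
    {"title": "Mail", "url": "https://login.example-mail.test/", "tags": ["2FA"]},
    {"title": "Shop", "url": "https://example-shop.test/", "otp": "otpauth://..."},
    {"title": "Forum", "url": "https://example-forum.test/"},
]

def audit(vault, directory=SITES_OFFERING_2FA):
    """Map each item title to its classification."""
    return {item["title"]: classify(item, directory) for item in vault}

def needs_manual_check(vault, directory=SITES_OFFERING_2FA):
    """Items whose alert was dismissed without an OTP in the item."""
    return [t for t, state in audit(vault, directory).items() if state == "suppressed"]

if __name__ == "__main__":
    for title, state in audit(VAULT).items():
        print(f"{title:6} {state}")
    print("verify 2FA on the site itself for:", needs_manual_check(VAULT))
```

Items reported as suppressed are the ones to confirm on the website itself, since a tag or Ignore hides the alert whether or not 2FA was actually enabled.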

         

    • AJCxZ0
      Bronze Expert

      What is 1Password's reference source for sites which offer one-time passwords?

      For passkeys we know and can use Passkeys.directory run by 1Password. There is 2FA Directory, though it's not run by 1Password (which is no impediment).