It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
Forum Discussion
Solved
Watchtower and password ages
Hello, Watchtower is informing me of accounts that have 2FA available but not enabled. How does 1Password check to see if you have 2FA enabled on an account? I had an account and enabled 2FA and tha...
Thanks for the reply. If you didn't save a one-time password for a certain website in 1Password, and you used a different 2FA authenticator app instead, then 1Password has no way of knowing that you've enabled 2FA for a website.
That being said, 1Password's Watchtower feature does know if a certain website offers 2FA since it uses the following website as a source of knowledge: 2fa.directory
It's a convenient way to know how old a password is and whether or not it's due for a password change.
1Password doesn't include a reminder to change your passwords when an arbitrary amount of time has passed because we don't recommend that practice. Regular password changes for no other reason but because an amount of time has passed is no longer recommended as a security practice by many cybersecurity experts and organizations such as the National Institute of Standards and Technology (NIST).
Instead we recommend that you change your passwords if one of the following conditions is met:
- The password for a website/account is not a secure and unique password generated by 1Password.
- 1Password's Watchtower sends you a warning that your password for a website/account has been reused or was found in a data breach.
You can read more about how Watchtower helps you keep your passwords safe here: Use Watchtower to find account details you need to change-Dave
1P_Dave
Moderator
ModeratorHello ScarySulley! 👋
Thanks for the question! 1Password checks to see if you've saved a one-time password for a certain website in the same login item as your username and password. If you haven't then it'll alert you that 2FA is available for that website.
If you're using a different authenticator app to store your one-time password then 1Password won't know that you've already enabled 2FA. In those cases you can either add a 2FA tag to the item or click Ignore in the 2FA reminder banner at the top of the item to dismiss the alert.
Also, does 1Password 8 have the feature where it has categories on the left side showing passwords that are 3, 6 etc. months old or 1-3 years old?
1Password 8 doesn't have this kind of feature. Was there a particular reason why you wanted to see the age of certain passwords? You could sort your items by date to get a sense of when you last updated your items.
-Dave
What is 1Password's reference source for sites which offer one-time passwords?
For passkeys we know and and can use Passkeys.directory run by 1Password. There is 2FA Directory, though it's not run by 1Password (which is no impediment).
- 1P_Dave
