Forum Discussion

jmb679
Frequent Contributor
2 months ago

Watchtower and Two-factor authentication

My Watchtower has flagged nine "sites that have two-factor authentication but you haven't set it up yet".  However, six of these sites are set up with passkeys.  The other three sites are two-factor enabled.

Why is the Watchtower flagging the three two-factor enabled sites?   Why is the Watchtower flagging passkey sites?  Are not passkeys a two-factor method?

 

5 Replies

  • Hello jmb679 and 1pass_user! 👋

    Thanks for the question! Passkeys are already resistant to phishing and can be considered to have the same level of security as a password plus two-factor authentication, with a lot less friction. Two-factor authentication was designed to add an additional layer of protection to passwords against phishing.

    If you have a Login item saved in 1Password that contains a passkey, and that also contains a password, then you'll see Watchtower flag that item as having 2FA available. This is because most websites still allow you to sign in either using your passkey (which is resistant to phishing) or your password (which is not). 

    There are a few options here: 

     

    Why is the Watchtower flagging the three two-factor enabled sites?

    Is the one-time password for those websites saved in 1Password? Or are you using a different authenticator app? 

    -Dave

  • jmb679
    Frequent Contributor

    The preferred fix appears to be to add a "2FA" tag to these login items.  Or, just "Ignore" them.

  • 1pass_user
    New Contributor

    Hi,

    Watchtower reports that a login doesn't have two-factor authentication enabled when there is a saved passkey, but no one-time code.

    • 1pass_user
      New Contributor

      I just tested it on 1Password 8.11.18, and Watchtower still marks logins that have passkeys saved as having no two-factor authentication enabled.