Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Watchtower not flagging sites with 2FA available
I noticed this evening that Watchtower hadn't flagged sites where I didn't have 2FA enabled, even though 2FA is available on the site. I noticed this when perusing a list of 2FA enabled websites from...
Apologies for the delayed reply 1P_Dave.
You are correct, the 2fa site is often incorrect and I plan to submit PR's to the 2fa.directory repo myself to fix some missing or incorrect info stated on their site.
I do have a much bigger list than I posted above and there are definitely some mismatches between 1Pass watchtower/2FA.dir for some sites, though.
Oddly, the Raycast extension which highlighted some 2FA sites to me which were not flagged in 1Password, also pulls it's data from https://2fa.directory/ and the results in that extension differ from the results in 1Password, though that ext also reports some correct, incorrect/mismatched info compared to the 2fa.dir site. Something is not working well somewhere and I believe it is potentially coming from all 3 sources somehow (the Raycast ext (Search 2FA Directory), Watchtower and also the https://2fa.directory/ site itself, (or their API's!?))
Is 2fa.directory also the source for "passkeys available" reports in Watchtower? I noticed today that GitLab was not flagged in Watchtower as having a passkey available even though a passkey can be setup on GitLab. I'm also not sure if this is due to GitLab/2FA.dir not explicitly stating passkeys being available, rather stating that WebAuthn/Hardware devices are supported. I'm not sure where Watchtower in 1Password gets its passkeys data from? If it's 2fa.directory, then something in their API or 1Password is broken. I'm guess it's more likely that the passkeys report in Watchtower is generated via your passkeys directory though?
One potential reason GitLab may not have been flagged for having a passkey available is that I have it tagged with '2FA' in 1password to avoid the banners regarding 2FA being available where I've used a 3rd party app for tokens. I believe the "'tag it with '2FA'" solution was provided by your team long before passkeys even existed. If that is a reason for the non-flagging, then it would be great if that could be somehow resolved in a future release so that passkeys and 2FA banners are 'cleaned up' with different tags. This would give a better indication in watchtower as to which sites can now use passkeys, even if they are currently set up with TOTP.
