I turned on 2FA through Cisco Duo app because I love security and keeping my data safe, but this is seriously hair-ripping. Every time I log into any browser, it asks me for 2FA code. It feels like this stupid thing pops up at the most inconvenient times and multiple times making it a nuisance to be turned off. What are the 'rules' of how 2FA is supposed to act? When is it supposed to ask me for a 2FA password for my 1PW family account? Once per browser right? And then? 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided

Pardon my frustration above, but I really _want _ to keep 2FA on but it's just become so difficult. Isn't 1Password support to create cookie when 2FA is authenticated on a specific browser and not ask again until logging in from a different browser or unrecognized computer/device? Is there a time period expiring where the 2FA cookie expires? Am I misunderstanding all of this? That's how other sites work. Unrecognized device. Product asks for 2FA code Cookie created Log in again to 1PW 1PW recognizes it's a known device and lets you in Log in from unrecognized device > asks for 2FA

@mia I have not experience of the Cisco Duo app, but TOTP authenticator apps and hardware security keys behave the way you would expect. That is, you should only have to provide your second factor once per device. Are you inadvertently deleting cookies? Have you tried an alternative authenticator app?

I tried logging again just now and it asked me for OTP again :-( rootzero I use Cookiebro for Chrome which was my first thought, but I've ruled that out for the following reasons: 1) I've whitelisted all of 1PW's cookies already 2) No "unwanted" or blocked cookies detected while logging into the 1PW site. 3) I believe I saw this on another computer without CookieBro. I haven't tried any other OTP. I tried Authy but it wouldn't let me sign up unfortunately/ "NOTICE: Multi-device disabled" Questions: Is there a 'timeout' for the OTP or is it a permanent per device until reset? What other reliable OTP apps are there? Duo, Authy and 1PW are the only ones I know of. Google Authenticator is terrible, I wouldn't touch it.

@mia I'm assuming you have the 1Password browser extension installed. I would try disabling all other extensions temporarily to see if that makes any difference. Authy is my preferred authenticator app. That error message means that there is already an Authy account associated with the phone number you gave and that it is currently set to not allow new devices to be added. I'm not sure I would recommend it at this point, but you can recover access to that Authy account by following these instructions: https://support.authy.com/hc/en-us/articles/115012672088-Restoring-Authy-Access-on-a-New-Lost-or-Inaccessible-Phone There is no time-out for 1Password 2FA. It is permanent per device until the app is reset, a browser cookie is deleted, the device is deauthorized or the 2FA is reset in your 1Password profile. Google Authenticator is not a safe option because losing or resetting your phone results in the loss of your 2FA tokens. I wouldn't use Microsoft Authenticator because someone with access to your Microsoft account can recover all your 2FA tokens. If you're on Android, Aegis is a good option. If not, do you have another phone number you could use to set-up Authy?

You read my mind! I requested a security review of my Authy and asked for deletion. It’s crazy someone can do this with just your phone and email :-/ but I guess it’s there for people like me. Lol I am going to take your advice about the browser extensions.

Why is 2FA so frustrating in 1PW 8/ Family Membership?

13 Replies

Former Member
5 years ago
I tried logging again just now and it asked me for OTP again :-(

rootzero I use Cookiebro for Chrome which was my first thought, but I've ruled that out for the following reasons:

1) I've whitelisted all of 1PW's cookies already
2) No "unwanted" or blocked cookies detected while logging into the 1PW site.
3) I believe I saw this on another computer without CookieBro.

I haven't tried any other OTP. I tried Authy but it wouldn't let me sign up unfortunately/ "NOTICE: Multi-device disabled"

Questions:
Is there a 'timeout' for the OTP or is it a permanent per device until reset?
What other reliable OTP apps are there? Duo, Authy and 1PW are the only ones I know of. Google Authenticator is terrible, I wouldn't touch it.
Former Member
5 years ago
@mia I have not experience of the Cisco Duo app, but TOTP authenticator apps and hardware security keys behave the way you would expect. That is, you should only have to provide your second factor once per device.
Are you inadvertently deleting cookies? Have you tried an alternative authenticator app?
Former Member
5 years ago
Pardon my frustration above, but I really _want _ to keep 2FA on but it's just become so difficult. Isn't 1Password support to create cookie when 2FA is authenticated on a specific browser and not ask again until logging in from a different browser or unrecognized computer/device? Is there a time period expiring where the 2FA cookie expires? Am I misunderstanding all of this?

That's how other sites work.

Unrecognized device.

Product asks for 2FA code

Cookie created

Log in again to 1PW

1PW recognizes it's a known device and lets you in

Log in from unrecognized device > asks for 2FA

Forum Discussion

Why is 2FA so frustrating in 1PW 8/ Family Membership?

13 Replies

Featured discussions

November at 1Password: the Access-Trust gap, planning your estate, and an updated unlock experience

Recent discussions

When I enable passkeys on Amazon, my OTP is removed

Custom Templates

Passkeys Not Working on Android – Always Falls Back to Google, Despite Troubleshooting

When I open Safari on my iMac, the 1Password symbol on the toolbar does not have the lock symbol.

How to integrate Edge Browser