Inactive 2FA report and subdomains

Feature name

Inactive 2FA report should handle subdomains.

Feature function

  • What will this feature do differently?

If 2fa.directory has a recommendation for site.com, but my URI is foo.site.com, it does not match.

I imported logins from my browser to the vault and ran the inactive 2FA report.

My docker login had no 2FA entry, but this was missed in the inactive 2FA report.

The URI I imported was https://hub.docker.com.

Changing this to https://docker.com triggered a recommendation in the report.

  • What benefits will this feature bring?

I’m certain that many premium users are missing recommendations.

Also, I can’t find documentation warning of this behavior.

Related topics + references

  • Are there any related topics that may help explain the need and function of this feature?

  • Are there any references to this feature or function on other platforms that may be helpful?

Unsure.

If the host given to 2fa.directory doesn’t match, and contains multiple subdomains, the platform could:

  • Remove one label and retry

If a.b.c.foo.com does not have a match, search for b.c.d.foo.com, c.d.foo.com, etc. until you reach the second level domain.

  • Just check the second level domain

If a.b.c.foo.com does not match, just check the second level domain foo.com.

Either would overcome the mismatch problem and alert more users of inactive 2fa logins.