Two factor authentication

ulbn
ulbn
Community Member

One of the most well known hotel booking sites has just convinced me to use their two factor authentication...OK.. "I took the bait"...

Is it now possible, afterwards, to include that specific website (the already confirmed 2factor authentication feature that the hotel-booking site offered)) among all the other safe features that 1Password 7 now provides me with since I am a subscriber?

I have many safe passwords registered in my 1Password 7 so far, but no 2 F A activated there yet.

I have a Mac Book Pro from 2015, now with OS 10.14.3 Mojave and use 1Password 7 as my only password manager...

Any suggestions or recommendations? Can I move it in, under the 1Password7 - "hat" without too much trouble?
/ulbn


1Password Version: 1 Password 7.2.5
Extension Version: Not Provided
OS Version: OS 10.14.2 Mojave
Sync Type: iCloud

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @ulbn!

    Just to clarify: have you enabled 2FA for this website already, but outside of 1Password? And are you now looking to have 1Password itself generate the 2FA codes? Is this correct?

  • ulbn
    ulbn
    Community Member

    Dear ag_ana,

    • yes, I enabled the mentioned 2FA for the indicated hotelreservation website alreaady, outside of 1Password 7!
    • Yes, I thought there is a way to include that 2FA in my existing 1Password 7 vault...or an extra vault.
      R u. clarified now?
      Rgds
      Ulbn
  • ag_ana
    ag_ana
    1Password Alumni
    edited March 2019

    Dear @ulbn!

    Thank you for the clarification! In this case, you can then enable the 1Password 2FA codes generator using the same procedure that you used to configure your first authenticator, if you wish. As long as that website supports 2FA QR codes, you can use 1Password as your authenticator app.

    We have a short article about it. If you follow the steps, you will be able to successfully generate 2FA with your 1Password account for this website.

    If you have any other questions, please feel free to reach out anytime.

    I hope this helps! Have a wonderful day :)

  • ulbn
    ulbn
    Community Member

    Thanks ag_ana, I will surely read that article on how to do what I need in this case.
    In general, I am still struggling from time to time learn and manage the 1Pw7 features...and I do hope that it’ll come out right in the end.
    The 2FA is probably the best safety mesure for a suspicious and cautious old (71 years) man like me, provided I can learn the tricks!
    I’ll ask again if and when I fail with the 2FA procedure!

    Best regards from me, living here in the northern swedish town, which during the next two weeks hosts the Biathlon World Championships for 2019 - Östersund!
    /ulbn

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @ulbn!

    I am sure you will learn all the tricks! if you need any help, please let us know, we are always happy to help :)

    Have fun at the Biathlon World Championships! That sounds amazing!

  • mriner
    mriner
    Community Member

    Ana, the article you refer to does not indicate how to enable 2FA on a site that you have previously arranged to enable, and are already using, 2FA! It only addresses how to use 1PW to enable 2FA on a site for the first time. Also, this article suggests that you log into your account on the 1PW website, but I see no ••• when I click on a site that I have already enabled 2FA. There must be some steps missing here.

  • mriner
    mriner
    Community Member

    Ana, I forgot to click edit, then was able to add 'one-time password' to the field, and click on the ••• However, when I opened this website, entered my user name and password, and then requested a one-time password number to be sent to my cellphone, then copied this number into the field in 1PW and clicked save, I found the word 'error' in the field.

  • Henry
    Henry
    1Password Alumni

    Hi @mriner! Our guide to setting up 2FA codes for a Login inside 1Password don't cover what to do if you've already set up the codes in another authenticator app because the requisite course of action depends greatly on the site and the other authenticator app you're using. Let me explain how you might do it.

    First, it'll be helpful to understand how "TOTP 2FA", the standard protocol for code-based 2FA in authenticator apps, works. Let's say you're a new Dropbox user just setting up 2FA for the first time. To set up your 2FA, you're presented with a scannable code like this one:

    You can press that button to enter the secret manually to get this:

    The "TOTP secret" in the screenshot above—that's the long string of characters—is what's contained in the scannable code. All an authenticator app like Google Authenticator or 1Password needs to generate your one-time codes is that TOTP secret (whether in text or scannable form).

    Very fancy math, universal across authenticator apps, takes the aforementioned TOTP secret and spits out the current six-digit one-time password depending on the current time.

    So, to set up a new authenticator app like 1Password to generate your codes, you need the whole long TOTP secret, in either the scannable or text form from the screenshots above. You can't just enter the current six-digit code, as those change every 30 seconds (and the pattern depends entirely on the TOTP secret).

    Now let's go back to your case, switching your 2FA codes from a different authenticator app to 1Password. You'll need the original TOTP secret, not just the current code, to enter into 1Password. Depending on your current authenticator app, there may be a way to extract the TOTP secrets you previously entered/scanned. However, most do not offer this, so you'll have to get the secrets from the sites (e.g. Dropbox, Google) themselves.

    Google, for instance, has a "Change phone" button at myaccount.google.com > Security > 2-Step Verification:

    Pressing that will bring up the TOTP Secret in scannable code form just like when you set up 2FA originally. Then you can scan it in 1Password as the guide Ana shared describes. Other sites will offer similar functionality too—in general, sign in to the account (using the authentication code from your previous authenticator app), go to security settings -> 2FA settings, and find the button like "Change phone" (if you've already set up an authenticator app) or set up 1Password as your authenticator as normal (if you're only using codes sent via text message currently).

    For more help checking if sites support software-based 2FA, and how to set it up on each site, our friends at twofactorauth.org have quite the comprehensive list of websites compiled.

    I hope this lengthy answer helps you get set up with 1Password as your super-secure authenticator, and do let me know anytime if I can help more :)

This discussion has been closed.