Unable to login after an iPhone reset and lost Authenticator app

sraymond
sraymond
Community Member

Please help. I cannot log in on my iPhone. I had to do a reset and I lost the authenticator app. 1Password still works on my iPad. I don't know what to do. Is there any other backup way to get a code like a text or something?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @sraymond: Thanks for getting in touch. Text messaging is not secure, so it's something we offer (or have any plans for).

    It sounds like you may have locked yourself out of your 1Password.com account by not having the authentication code. Is that correct? If so, we may be able to help, but it can take a number of days to do so, since there's a verification process and changes that need to be made to your account if everything checks out.

    If you are temporarily away from the device where your authentication code is generated, it may be best to wait until you have access to that device again. Alternatively, you could use a device that is already signed in, whether it’s one of the 1Password apps or a browser you’ve signed in with before. The code is only needed when signing into a new device/browser, so you could access your account on an existing device and disable it from there:

    1. Click your name in the top right and select My Profile on 1Password.com in a browser where you've already signed in previously
    2. Click More Options on the left and select Turn Off Two-Factor Authentication.

    From there, you can also re-enable 2FA to get a new TOTP secret and set it up again if you wish. Just be sure to save a backup somewhere safe.

    Finally, several authenticator apps have backup and recover options. Authy is one example of an app that allows you to recover your 2FA codes if you lose your phone. You can find their instructions here:

    https://support.authy.com/hc/articles/115012672088-Restoring-Authy-Access-on-a-New-Lost-or-Inaccessible-Phone

    But even if you don’t use Authy, it’s worth checking to see if your authenticator app has options available for recovery.

    However, if you're part of a 1Password Teams/Business plan, another admin could help you recover your account, which could allow you to regain access:

    https://support.1password.com/recovery

    Otherwise, if you won't have access to the device where the authentication code is generated going forward, or any other devices you've already authorized with your 1Password.com account, you'll need to shoot us an email at support@1password.com from your account's registered address so we can put you through a verification process. We're not going to discuss any account details here in a public forum.

  • sraymond
    sraymond
    Community Member

    Ah! Thank you so much. I got into work this morning and tried it from my web browser there and it worked. I was able to turn off the 2FA and then turn it back on and add it back to my authenticator app. Why does 1Password not give any backup codes? Other sites have backup codes that are generated that you save in case you are locked out and don't have access to the authenticator app.

    Apple wanted me to restore my phone as new and not from a backup because of a problem I am having and I thought most everything was stored in the cloud so it wouldn't be an issue. I didn't even think that it would wipe out my authenticator apps.

  • @sraymond

    We don't currently have plans to offer "backup codes" because those never expire and can be stolen and used at any time in the future. Sort of negates the security benefit of using Time-Based One-Time Passwords as the second factor. As it is TOTP provides protection against only a small percentage of attack vectors, and having static backup codes available would further detract from that protection.

    Using an authenticator app that can sync or be backed up separately from you "whole-device" backup may be something worth researching.

    Ben

  • sraymond
    sraymond
    Community Member

    Thank you, do you know which authenticator apps do that?

  • Off-hand I believe Google Authenticator and Authy can but my personal experience with any of them is very limited. Sorry I don't have more information available.

    Ben

  • AGAlumB
    AGAlumB
    1Password Alumni

    @sraymond: And to clarify, you don't need to rely on something else to backup everything you need to access your account anyway. If you save the text TOTP secret and/or QR code for two-factor authentication somewhere secure (just as you do your Emergency Kit), you can always setup a new device to generate the code even if something happens to the one you set it up on initially. Cheers! :)

  • kpomarece2
    kpomarece2
    Community Member

    Hello, the same thing has happened to me. I have access to an application on my macbook but everywhere else is requiring i provide the 2FA. Is there a way to disable 2FA from the 1password app?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @kpomarece2: Please see my reply above. Two-factor authentication can only be enabled/disabled through the 1Password web interface.

  • MacKopes
    MacKopes
    Community Member

    I just turned on 2FA myself. (I have also ordered a few YubiKeys to try out your new support for these!)

    One thought/comment on this 'lost authenticator challenge'..:
    Would you be able to add the capability to add 'multiple' Authenticators to your account. (and name them like it appears you can do with the U2F keys?) That way, you could have say 1 Authenticator on a Phone, and another on a Tablet or something. (or a Partners phone).

    I have avoided turning on 2FA for this 'single point of failure' issue myself.. Now that you have the ability to add U2F keys, I think it will mitigate it (as I can keep a U2F key in a safe deposit box)

  • Hi @MacKopes

    You can already do that. :) Just scan the QR code from both devices. You can even print the QR code to have a backup for the future.

    Ben

  • MacKopes
    MacKopes
    Community Member

    Thanks Ben! I actually DID find this information on another post about 10 minutes after I posted!
    Maybe a 'tip' on the 2FA page would be useful on how to do this for people. (as I found a number of posts on the forum asking the same question)

    Keep up the good work!

  • Glad to hear that worked out, and thanks for the suggestion and kind words. :)

    Ben

  • majortom
    majortom
    Community Member

    Any plans to view the 2FA code on the emergency kit?

  • Hi @majortom

    No definite plans at this point but it is something that we'll be discussing.

    Ben

  • AGAlumB
    AGAlumB
    1Password Alumni

    @majortom: But you can put it there if you want to -- just like your Master Password. ;)

  • majortom
    majortom
    Community Member

    @brenty Thats my workaround :-) But a automaticly created QR-code + code in plain text on the emergency kit would be much better.
    That shouldn't be too much effort for your developers? And it would help users like @sraymond a lot.

  • :+1:

    Ben

  • mrsigma2k
    mrsigma2k
    Community Member

    I didn’t want to start a new thread but I’m trying to sign in on my gaming laptop. I have all of my login credentials but I also have 2FA turned on. When I use an app like Authy to scan the QR code found within the 1Password App, it tells me that it’s invalid. To that end, I’m not able to get a 6-digit authentication code.

    Am I missing something?

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @mrsigma2k! Welcome to the forum!

    When I use an app like Authy to scan the QR code found within the 1Password App, it tells me that it’s invalid.

    That QR code is not for 2FA, it's used to add a 1Password account to a 1Password app. You can find your 2FA QR code when you first enable 2FA in a browser, not in the app.

    As a first quick attempt, can you please try the following and see if it helps? Go to a browser where you’ve signed into 1Password before (it’s important that you try this on a known browser, even on a different device) and sign in to your account on 1Password.com. Then, click your name in the top right and choose My Profile. Finally, click More Actions > Turn Off Two-Factor Authentication.

  • mrsigma2k
    mrsigma2k
    Community Member

    None of my browsers are known to 1Password as I’ve never signed in via a browser save for when I initially set up the account on a computer or other device that I no longer have.

  • ag_ana
    ag_ana
    1Password Alumni

    Understood @mrsigma2k! We can go through the verification phase to help you disable 2FA for your account. I will reach out to you via email shortly so we can start the procedure over there without sharing personal information on a public forum.

  • mrsigma2k
    mrsigma2k
    Community Member

    Thank you Ana. I’ve received your email and have responded.

  • ag_ana
    ag_ana
    1Password Alumni

    @mrsigma2k, you are very welcome! Thank you for the update. We will get back to you over there as soon as possible.

    Thank you for your patience! :)

This discussion has been closed.