Is it safe to use one application (1password) for password management AND one-time passwords?

jaglom

I have been a HUGE fan of 1Password for nearly a decade now, and proselytize anyone I can find to adopt it.

I've also recently become aware of the dangers of using SMS for two-factor authentication, and have switched as many accounts as possible to an authentication app. I like the implementation of one-time passwords on 1Password, and using it for this purpose instead of my current app would be much more convenient for me, but I worry about "putting all my eggs in one basket." In the unlikely event that my 1Password account were compromised, a hacker would have immediate access to all of my passwords and the associated two-factor authenticators in one place.

Any thoughts on this? Like I said, I'd love to switch the 2FA over to 1Password, but don't want to end up being less secure in doing so.

Thanks!

---

1Password Version: 7.3.2
Extension Version: Not Provided
OS Version: OS X 10.14.5
Sync Type: 1Password Store

Ben

Hi @jaglom

This is a good question; thanks for taking the time to ask it. I think some of the thoughts shared in this thread may help your decision making:

Why is it a good idea to store 2FA tokens in 1Password? — 1Password Forum

Ben

jaglom

Thanks for sending me over there, Ben, great discussion. I'll have to think over the right posture for me, and possibly have a slightly different implementation for different accounts.

Ben

You're very welcome. :+1:

Ben