Two-Factor Authentication (2FA)
I know this has been discussed before, but I would like advice on the above topic.
I currently use the Google Authenticator app to supply 2FA sign-on codes for Dropbox, Amazon, and other services. I do not like, however, that Google Authenticator is a device-specific app. I travel a lot, and if my iPhone is lost or stolen, I am concerned about losing access to my 2FA codes. So I plan to migrate to 1P as my cloud-based authenticator app. I know how to go into a service (e.g., Dropbox), turn off 2FA, then reactivate it using 1P as the authenticator. So no problem here.
Now, to my question: If I also activate 2FA for 1P, where/how can I obtain the 2FA sign-on codes when needed? If I don't want to use the Google Authenticator app (or any device-dependent app), what are my options? Thank you.
Comments
-
Hi @Newbie2018!
> Now, to my question: If I also activate 2FA for 1P, where/how can I obtain the 2FA sign-on codes when needed?
By this, do you mean activating 2FA for your 1Password.com account itself?
0 -
Yes. Thank you for the clarification.
0 -
Gotcha. In that case, we recommend using a third-party app to generate the TOTP codes for your 1Password account. Authy, Google Authenticator, and Microsoft Authenticator (as well as a host of others) should be able to do this for you. You can also store the TOTP secret for your 1Password account in 1Password, but we would strongly recommend against having that be the only place. Additionally, you can print the QR code used to add the TOTP secret to said apps, so at any point in the future you can scan that code again to set up a new app.
I hope that helps. Should you have any other questions or concerns, please feel free to ask.
Ben
0 -
Thank you Ben. But if I continue to use Google Authenticator, it seems like I'm still stuck with a device-dependent authentication app, exactly what I'm trying to avoid. Or am I missing something in your response?
0 -
That was the original intention of 2FA. :) The idea was that you were supposed to have to have two factors:
- Something you know (e.g. a password)
- Something you have (e.g. a physical device)
That isn't how it is always implemented, and indeed 1Password doesn't force this requirement. If you're storing your code in 1Password as well as Google Authenticator then you should be able to access it on any device you've already authorized to your 1Password account. And like I mentioned, you can also print the QR code, so that any device can be set up to generate codes at any time by scanning the QR code.
Does that help? Please let me know.
Ben
0 -
OK. Thanks.
0 -
You're very welcome. :) If there is anything else we can do, please don't hesitate to contact us.
Ben
0