Are there any backup 2FA codes for 1Password?
I am looking at setting up the 2FA for 1Password using Authy. However, I noticed in the course of setting up there is this reminder to save the 16 digit code. And I noticed that there are no backup codes like what you would normally see from setting up 2FA from a Gmail account.
[1] Can I ask if the 2FA code is not available, what are the available remedies to rescue the account? Is it by setting up by the same 16 digit code saved?
[2] Are there any good safe practices (concerning authy) to keep the 2FA safe?
[3] As I am being slightly paranoid, I see that there is an option to use a Yubico key - has anyone used this as a 100% success that the account will never be compromised?
Sorry if these questions seem basic, I am genuinely interested in learning about this more in terms of contingency planning.
1Password Version: 1Password 7 Version 7.6 (70600005)
Extension Version: Not Provided
OS Version: 10.15.6
Sync Type: Not Provided
Comments
-
Great questions. I'd be happy to help with those:
[1] Can I ask if the 2FA code is not available, what are the available remedies to rescue the account? Is it by setting up by the same 16 digit code saved?
2FA is only involved in the device authorization process. Once you've authorized a device you'll never be asked for 2FA again on that device unless it somehow becomes deauthorized. I'd suggest adding the 2FA code to both Authy and 1Password, so any of your devices will be able to help you. In the event you're unable to access any of your devices, and need to authorize a new one, you'd either need that code or to contact our security team to have 2FA disabled. It may make sense to print the QR code for 2FA and store it with your Emergency Kit.
[2] Are there any good safe practices (concerning authy) to keep the 2FA safe?
Not that I'm aware of.
[3] As I am being slightly paranoid, I see that there is an option to use a Yubico key - has anyone used this as a 100% success that the account will never be compromised?
Not at all, and it shouldn't be thought of as that. 2FA in general, whether it be TOTP or a hardware key like a YubiKey, is only one (small) component. A strong Master Password is still critically important. For example, someone who is able to steal the encrypted data from your device will not be hindered at all by your use of a hardware key. The only thing protecting you in such a scenario would be your Master Password.
If you have further questions please feel free to ask.
Ben
0 -
Dear Ben, thank you for your reply. I never expected the printed 2FA code to be used in this manner. So correct me if I am wrong, saving that SAME code will be used to create another code generating device - I assume then the codes will be generated the same as the original 2FA code generating device?
0 -
So correct me if I am wrong, saving that SAME code will be used to create another code generating device - I assume then the codes will be generated the same as the original 2FA code generating device?
That's correct @bear67512 :+1:
0
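The point confirmed in the thread above, shown as an added example that is not part of the original posts and is not 1Password or Authy code: a TOTP code depends only on the saved secret and the current time, so a second device enrolled from the printed secret produces the same codes as the first. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits); the 16-character secret is a constructed sample and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 test key ("12345678901234567890" in base32), used to check the maths.
RFC6238_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
# Constructed 16-character sample secret, standing in for the one shown at setup.
SAMPLE_SECRET = "JBSWY3DPEHPK3PXP"


def decode_secret(secret_b32):
    """Normalise a secret as a person might retype it from paper, then decode it."""
    cleaned = secret_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # base32 needs a multiple of 8 chars
    return base64.b32decode(cleaned)


def totp(secret_b32, at=None, step=30, digits=6):
    """Return the TOTP code for the given Unix time (default: now)."""
    key = decode_secret(secret_b32)
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def devices_agree(secret_a, secret_b, timestamps):
    """True if two enrolments yield the same code at every timestamp."""
    return all(totp(secret_a, t) == totp(secret_b, t) for t in timestamps)


if __name__ == "__main__":
    now = int(time.time())
    # Device 1 scanned the QR code; device 2 was set up later from the
    # printed copy, typed in lowercase with spaces.
    print("device 1:", totp(SAMPLE_SECRET, now))
    print("device 2:", totp("jbsw y3dp ehpk 3pxp", now))
    print("agree:", devices_agree(SAMPLE_SECRET, "jbsw y3dp ehpk 3pxp",
                                  [now, now + 30, now + 3600]))
```

Because the secret alone is enough to generate valid codes, the printed copy needs the same protection as the Emergency Kit it is stored with.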