Question about 1Password Account 2FA
Does this impact login into vaults?
I don't want to enable it without knowing what it impacts first.
Also another concern I have is that I exclusively use 1Password for my 2FA solution, I was sick of other Authenticator Apps (like Google Authenticator) being tied directly to the phone and specific install. Got bitten too many times by losing all my 2FA codes just because the app was deleted, or reset themselves, or the phone dying and getting replaced. the 1Password 2FA was the perfect solution to this.
Actually on that, if it does impact access to the 1Password vaults, does your own 2FA support disallow adding a 1Password Account 2FA into the vault? I could imagine a scenario where someone sets up the 1Password Account 2FA to be inside a password item in the vault and locking themselves out of their vault 😬
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Does this impact login into vaults?
When you enable 2FA on your 1Password account, a second factor will be required to sign in to your account on a new device, in addition to your Master Password and Secret Key. It won't affect your day-to-day unlocking of 1Password, after that first sign-in.
Actually on that, if it does impact access to the 1Password vaults, does your own 2FA support disallow adding a 1Password Account 2FA into the vault? I could imagine a scenario where someone sets up the 1Password Account 2FA to be inside a password item in the vault and locking themselves out of their vault 😬
Yes, that's possible if they have also lost access to all devices which are signed into 1Password. (2FA can be disabled from a signed-in device). We'd definitely recommend using a different authenticator app to store the authentication codes for your 1Password account.
(For important logins - like 1Password or my email - I personally choose to scan the QR code on two phones)
You'll find more information in this Two Factor Authentication support article.
0 -
It won't affect your day-to-day unlocking of 1Password, after that first sign-in.
Awesome. that's good to know. thanks 🙂
Yes, that's possible if they have also lost access to all devices which are signed into 1Password. We'd definitely recommend using a different authenticator app to store the authentication codes for your 1Password account.
Now I'm extra curious. Is that something which is warned about when setting up the account level 2FA? be it either on the page with the QR or when you scan the QR.
For important logins - like 1Password or my email - I personally choose to scan the QR code on two phones
Good tip. I don't have two phones though 😆 which is why I like the 1Password 2FA solution, because I am signed into 1Password on multiple devices.
0 -
Is that something which is warned about when setting up the account level 2FA?
Yes, when you scan the QR code. "On your mobile device, install an authenticator app and use it to scan this QR code."
You can add hardware security keys too, if you're worried about losing access to your OTP code. I like the YubiKey.
I don't have two phones though 😆
Ah, the benefits of me being an iOS developer. Phones everywhere! 😉
0