1Password SMS 2FA Service

This is more a feature suggestion than a question, so please let me know if it's the wrong place to share!

A huge security problem is websites using SMS to implement 2FA, or having a phone-based "fallback" for when I lose my 2FA token. I see this as a problem 1Password could solve for its users. Specifically:
1. 1Password would offer a paid service where you get a designed phone number that you provide to websites that use SMS 2FA/Fallback.
2. 1Password would pinky-swear promise that this number is perma-linked to your account and can never be ported anywhere never ever period.
3. When logging in to this website, the service would send an SMS that 1Password receives and forwards to the 1Password client
4. The 1Password client receives the code and enters it, making the user experience identical to using a token-based OTP.

And for anyone looking for an interim solution: you can use a designated Google Voice account for this purpose. I am told it is hard or impossible to social engineer Google into porting a number out, and at the very least this designated number is much harder to know than my everyday phone number.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:i would really love to see 1password have a paid service where you get a textable phone number for SMS 2FA and they pinky-swear promise that it can never be ported anywhere ever

Comments

  • I "hate" SMS 2FA and love this idea.

    However, I wonder whether it's commercially feasible for Agilebits (I have no idea how costly it is to purchase a lot of phone numbers and handle a lot of SMS messages).

    In an ideal world nobody would be using SMS for 2FA, but unfortunately that's often the only (and required) option...

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file