Two-factor recommendations for 1Password master account?

josepk
josepk
Community Member

All,

When enabling two-factor within my 1Password master account (for logging into 1Password - not for other sites), do I get myself into a potential pickle if I pick 1Password as my 2FA app?

For example, what if (for whatever crazy reason) I cannot log into 1Password to retrieve my 2FA code? Is it best practice to use a 3rd party app for my 1Password 2FA login? I am using 1Password for all my 2FA-enabled websites, but thinking if I might get into a crazy circular reference one day where I can't log in to my 1Password account because I can't get my 2FA code and I can't get my 2FA code because I cannot log into my 1Password account.

Also, is there a text message-based 2FA option? I didn't see one - I only see an app and a security key (e.g, Yubikey) as an option.

Thoughts?

Thanks!

Joe


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:A question on two-factor set up for 1Password

Comments

  • Hi @josepk

    Is it best practice to use a 3rd party app for my 1Password 2FA login?

    Yes it is. :)

    "[I]t’s important to use a different authenticator app to store the authentication codes for your 1Password account" - https://support.1password.com/two-factor-authentication/

    Also, is there a text message-based 2FA option? I didn't see one - I only see an app and a security key (e.g, Yubikey) as an option.

    It is not. SMS 2FA is generally considered to be a less secure / insecure option:

    Feature Request: Secured 2FA Phone Number for sites that only enable SMS 2FA — 1Password Support Community

    (e.g.)

    I hope thatI hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

  • josepk
    josepk
    Community Member

    That does indeed - thanks, Ben!

  • You're most welcome @josepk. :)

    Ben

  • bear67512
    bear67512
    Community Member

    Hi @Ben, can i ask in this event, would 2FA generated by Yubikey more secure than 2FA generated by Authy? I am assuming that all the information is stored in the Yubikey itself. (I am using macOS and iOS).

  • [Deleted User]
    [Deleted User]
    Community Member

    Authy can be made very secure by disabling "multi-device" after setting up all your devices and by choosing a good "backups password". Its your "backups password" that is used to encrypt you 2FA codes, so it should be complex, unique and ideally different to you Authy "master password".
    However, 2FA via a U2F device like Yubikey will always be more secure because it protects you from the "man in the middle". The main risk with authenticator apps is that you can be tricked into giving your 2FA code to an attacker who can use it in real time to access your account. This is not a risk with a U2F device.

  • @bear67512

    Does the post from @missingbits answer your questions?

  • bear67512
    bear67512
    Community Member

    @ag_tommy yes it does. Thank you for asking. @missingbits - thank you for your reply and explanation.

  • Excellent! That's why I love our community.

This discussion has been closed.