Returned to 1 password. Why no alternatives to authenticator apps for 2FA?

Brian_79
Community Member
edited February 2021 in Memberships

Some security concerns. If I lose my authenticator app I am effectively locked out of my account. Why no backup alternatives... e.g. phone message/email? This has happened to me before and lost all data after losing my phone.

Why can't I open 1 password with face recognition?

I was astounded to see that I can access my vault in a Firefox browser? How secure is that?


1Password Version: 7
Extension Version: 1.21.3
OS Version: 11.3 Big Sur
Sync Type: ?
Referrer: forum-search:Why no alternatives to authenticator apps?

Comments

  • ag_ana
    1Password Alumni

    Hi @Brian_79!

    Why no backup alternatives... e.g. phone message/email?

    Phone messages are an insecure method of delivery, and rather than using email, there are built in backup mechanisms that you can use when you lose the authenticator app:

    If you lose access to your authenticator app

    Why can't I open 1 password with face recognition?

    You can :+1: Here are the instructions to enable Face ID in 1Password:

    Use Face ID to unlock 1Password on your iPhone or iPad Pro

    I was astounded to see that I can access my vault in a Firefox browser? How secure is that?

    Do you have specific concerns or questions about it? In the meantime, you can read about our security here:

    About the 1Password security model

  • [Deleted User]
    Community Member
    edited February 2021

    @Brian79 You can use YubiKeys and other hardware security keys as a more secure alternative to authenticator apps. To protect yourself against losing the device where your authenticator app is installed you can:
    1. Scan the 2FA QR code with more than one device, e.g. a family member's device;
    2. Print or save the manual entry long term 2FA secret so that you can set-up another authenticator app;
    3. Use an authenticator app like Authy which allows you to backup and sync your 2FA tokens across devices.
    If this fails then you can turn-off 2FA on a device which has already been authorised. If you don't have any authorised devices to hand, but still have access to your email account then the security team will be able to help you.

  • DenalB
    Community Member
    edited February 2021

    1. Scan the 2FA QR code with more than one device, e.g. a family member's device;

    That is exactly what I do to prevent losing my TOTP when losing or breaking my device. ;)

  • Brian_79
    Community Member

    Thank you...very helpful. Still unsure what this means "Print or save the manual entry long term 2FA secret so that you can set-up another authenticator app;" What is a "long term 2FA secret"?

  • ag_ana
    1Password Alumni

    @Brian_79:

    When you scan a QR code with a TOTP, there is a key behind it, which is used to activate 2FA for the specific website. It looks something like this:

    otpauth://totp/Website:username@domain.com?secret=KJABC75AHJCVCA55AJK

    Sometimes websites show this information below the QR code if you want to print it or store it separately.

  • Brian_79
    Community Member
    edited February 2021

    Thanks ag_ana

    One of the problems I'm having is the generation gap. Having been around computers since the 80's I'm not too out of the loop but what has changed constantly is the use of language and common usage such as acronyms. I'm vaguely aware of what QR does (not what it means) but "TOTP"? I suppose I could look them up. This is one of the reasons I stopped using 1 Password a long time ago - 1) too complex 2) instructions presume too much and incomplete. I have had to contact Eero support, 1 Password support, 1 password community, and web search to get 1 password installed and working. 3) constantly having to use the master password to access the app. and or command+. 4) unable to customize my own passwords within the app - some websites are particular in use of some characters. I had returned to 1 password (used it when it first came out - and Canadian!) because it was part of a mesh system subscription package so I thought I would try again. When I teach my older adult classes I mention "1 password" but rarely "IMO" recommend it because of its complexity. However, thanks so much for your help... and I will persevere to try and make it meet my needs.
    Cheers,
    Brian

  • DenalB
    Community Member

    Hey Brian,

    1Password staff and we from the community are doing our best to help people understand how 1Password is working. Yes, 1Password is not the easiest software to handle, but I think it is worth the time investigating and trying to find things out. ;)

    We all are here to help. And if you (and all the others) have questions don't hesitate to ask right here in the community. :+1:

  • [Deleted User]
    Community Member
    edited February 2021

    @Brian_79 I went through the same learning curve about 6 months ago.
    The two dimensional bar codes displayed on screen and used to configure authenticator apps with the two factor authentication (2FA) details are often called QR codes. They are based on the Quick Response codes often used on posters and the like to take smartphone users to websites. In this case they include the long term 2FA secret, the website name/address and sometimes the username. This saves you having to type these details by hand into your authenticator app when setting up the 2FA.
    The long term 2FA secret and the current time are used by the authenticator app to generate Time-based One Time Passcodes (TOTPs) which change every 30 seconds. These allow you to prove you're holding the secret without actually revealing that secret. You enter them into websites in the same way you would a 6 digit code received via SMS text.
    If you are using the latest version of 1Password in the browser, formerly known as 1Password X, then you can choose the default recipe for suggested passwords. Click on the 1Password extension icon then the '+' symbol then Password Generator. Here you can generate passwords according to a number of pre-defined recipes, adjust the recipe, manually edit the resultant password and choose the default recipe for suggestions.
    Let us know if there's anything else we can do to help.

  • Brian_79
    Community Member

    Thank you missingbits. Very helpful. Cheers,
    Brian

  • ag_ana
    1Password Alumni

    @Brian_79:

    I'm vaguely aware of what QR does (not what it means) but "TOTP"? I suppose I could look them up.

    TOTP stands for Time-based One-Time Password. Basically, it's one of those 2FA codes that you can see in your authenticator app ;)

    You can read more about it in this Wikipedia page.

This discussion has been closed.