2FA Recovery Process Insight
Hi,
I am wondering about the process of recovering a 1Password account when 2FA is lost.
So in cases where the user knows their password but is unable to input their One Time Password or Hardware Token.
I have read a post that states "It is possible to get two-factor authentication reset if you have lost it, but only after a full review by our security team to prevent misuse" [1].
Would it be possible to provide more insight into this review process that occurs?
Comments
Hey @Oddycm. Lars from the Security team here. There's not any kind of programmatic set of steps or process for this that you can refer to in every case. That's because each case of this is a little different, depending on circumstances. In general, it would involve you writing to support@1password.com via email, after which we would ask you a series of verification questions about your account which would vary depending on the specific circumstances and would be used to establish your identity to the extent possible. If you're able to answer enough of those questions correctly and unambiguously, we can reset 2FA for your account.
Having said that, things have changed a bit with regard to 2FA on your 1password.com account since the date of that post in early 2019. Back then, you needed to turn off 2FA via a web browser, which required you have access to a browser in which you'd already previously signed into your account. But since that time, we've added the ability to turn off 2FA within the 1Password apps themselves (presuming you aren't part of a 1Password Business account whose administrator or owner has turned on the Require 2FA feature). If you're an individual or 1Password Families user, however, there are now multiple ways you can turn off 2FA for your 1Password account. Enough so that it should be a rare instance where anyone cannot use at least one of the methods. However, if you find yourself in such a position, you can still write to us. We will help if we can, but the process can take a few days and we do tend to err on the side of not resetting this protection if we aren't quite sure you are who you say you are. :)
The easiest way to make sure you don't have to go through the process is to make sure you use 1Password on multiple devices where you can, in the event of a lost authenticator app or the like, disable 2FA for yourself, then sign in and re-establish it.