Logging into 1PW in an EMSEC Environment
I may have a bit of a fringe case here, but I'm wondering if there is a way forward I'm not seeing.
So I've recently gotten on board with 1PW and I've migrated all my data into my Vault. While doing that I'm taking the opportunity to reset all my passwords, set up 2FA wherever I can, basically doing a whole security overhaul.
Now to the crux of the issue: I work in a high security environment, basically, no personal phones allowed, no smart devices of any kind, strictly controlled networks, can't install any of my own software, but we are allowed to have our personal accounts logged in on our web browsers so we can get our personal email, Facebook, stuff like that.
The problem I'm having is getting into my 1PW to get my passwords. How I used to do this is to write down 1 or 2 of my backup codes and take them into the office where I could bypass 2FA and get onto my accounts. But since 1PW doesn't use one-time codes, I'm having a bit of trouble.
Is there an obvious way around this I'm not seeing?
TIA
Comments
-
Hi @Covakel!
The problem I'm having is getting into my 1PW to get my passwords. How I used to do this is to write down 1 or 2 of my backup codes and take them into the office where I could bypass 2FA and get onto my accounts. But since 1PW doesn't use one-time codes, I'm having a bit of trouble.
Just wondering: are you allowed to bring a personal security key at work? If you are, you could configure 1Password to ask you for your key instead of your TOTP codes:
Use your U2F security key as a second factor for your 1Password account
0 -
@Covakel Would you be allowed to take in a programmable hardware token? These are a hardware replacement for time-based one-time password (TOTP) authenticator apps. They can be programmed with the long-term secret and include a display, so they don't need to be connected to your computer systems.
0 -
Would you be allowed to take in a programmable hardware token?
Yes as long as the device didn't have any kind of transmitter or receiver.
@ag_ana if I disable 2FA on my account, then go into my office, log in, then re-enable 2FA, will it maintain my session or will it kick me out?
Seems like this would be a good reason to have a one-time backup code. Even if 1PW just generated 1 at a time for a specific use.
0 -
if I disable 2FA on my account, then go into my office, log in, then re-enable 2FA, will it maintain my session or will it kick me out?
I think you would have a different issue: because at the moment not every 1Password app supports hardware keys, activating an authenticator app is a required step when you enable 2FA. You can always choose to use a hardware key, but in case you want to use 1Password on a device that does not support hardware keys, you would be able to log in with a TOTP code in that case.
But this means that if you try to enable 2FA at the office, you would be prompted to enable an authenticator app first, which is something that in your case you are not allowed to do, unfortunately.
0