Feature request: backup keys / email for 2FA

Hi guys,

It's great we can set up 2FA to log in to 1Password.

However, what if we lose the phone with the authenticator app?

An article on the 1Password site says we can still log in and reset the 2FA from the authorized devices. Some people (like me) delete their browsing, etc. on browser exit, so browsers are not consistent and require 2FA on each login, so a no go.

It narrows it down to a phone and the 1Password Windows/MacOS app, but if the phone is lost, it's only the 1Password app.

So what if it glitches or something? It will literally mean we are stuck with a locked 1Password account.

Maybe it will be a good idea to generate backup 2FA keys and allow users to download them to avoid a scenario like this? Or just allow an option to email a one-time backup key to the user's email once all credentials are entered and the user is stuck on the 2FA screen? Thanks.



Comments

  • ag_tommy

    Team Member

    @Captain_Hook

    If you're part of a 1Password Business membership, your IT team should be able to assist. Otherwise, we'd need to put you in touch with our security team. In that case, please reach out to [email protected] from the email address associated with your 1Password membership.

    Perhaps this is something we can improve on in the future. Thank you for sharing this with us.

  • edited April 6

    @Captain_Hook 1Password allows 2FA to be disabled by email, but this takes time and requires users to jump through some security hoops. As email is not as secure as using an authenticator app, I think this is a better solution for most users. However, make sure you can access your email account after deleting cookies.

    There are a number of ways you can back up the secret stored in your authenticator app:

    1. Use an authenticator app which stores them offline, like Yubico Authenticator;
    2. Use an authenticator app which backs them up locally, like Aegis;
    3. Use an authenticator app which backs them up to the cloud and syncs across devices, like Authy;
    4. Scan the QR code with more than one device, e.g. your phone and a friend's;
    5. Print or save the QR code for scanning later when you need to recover;
    6. Print or save the manual-entry long-term secret for entering later when you need to recover.
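
A printed or saved secret (options 5 and 6 above) is only a backup if it still yields the same codes as the authenticator app. The following is an added example, not part of the original thread and not 1Password's code: it reads a backup as either an `otpauth://` URI (the QR code content) or a hand-typed base32 secret and computes the RFC 6238 code to compare against the app. It assumes the common defaults (SHA-1, 6 digits, 30-second period) when only a bare secret is given; the sample secret in the test is the RFC 6238 test key, not a real one.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs

ALLOWED_ALGORITHMS = ("sha1", "sha256", "sha512")

def normalize_secret(text):
    """Decode a base32 secret as typed from paper: spaces, dashes, lowercase, no padding."""
    s = text.replace(" ", "").replace("-", "").upper().rstrip("=")
    s += "=" * (-len(s) % 8)          # restore padding stripped by most apps
    return base64.b32decode(s)        # raises ValueError on a mistyped character

def parse_backup(text):
    """Return (key, digits, period, algorithm) from an otpauth:// URI or a bare secret."""
    text = text.strip()
    if not text.lower().startswith("otpauth://"):
        return normalize_secret(text), 6, 30, "sha1"   # assumed defaults
    uri = urlparse(text)
    if uri.netloc.lower() != "totp":
        raise ValueError("backup is not a time-based (TOTP) entry")
    q = parse_qs(uri.query)
    algorithm = q.get("algorithm", ["SHA1"])[0].lower()
    if algorithm not in ALLOWED_ALGORITHMS:
        raise ValueError("unsupported algorithm: " + algorithm)
    return (normalize_secret(q["secret"][0]),
            int(q.get("digits", ["6"])[0]),
            int(q.get("period", ["30"])[0]),
            algorithm)

def totp(key, digits=6, period=30, algorithm="sha1", at=None):
    """RFC 6238 code for the time step containing `at` (default: now)."""
    counter = int(time.time() if at is None else at) // period
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F           # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def code_from_backup(text, at=None):
    """Code the saved backup would produce; compare it with the authenticator app."""
    return totp(*parse_backup(text), at=at)

if __name__ == "__main__":
    # Paste the saved secret or otpauth:// URI; the output should match the app right now.
    print(code_from_backup(input("backup secret or otpauth URI: ")))
```

Run it on an offline machine and do not leave the secret in shell history or a file: anyone who holds it can generate your codes.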
  • Hi missingbits,

    Thanks a LOT for this, it's super helpful! I will go ahead and create a backup from my Aegis. I can now safely enable 2FA in 1Password.

  • ag_tommy

    Team Member

    :chuffed:

  • (I have nothing but praise for the AEGIS app)

  • ag_ana

    Team Member

    Thank you for the feedback @jmjm :+1::)
