Feature Request: 2FA Backup Codes Section

FHT
FHT
Community Member

Hi! I've been using 1password for almost two years now, and I've always liked how easy it is to use.

But I've been wondering if an additional section can be added to a Login entry for 2FA Backup Codes. Currently I use the Notes section to store my 2FA codes, but they are in plain text and use a variable width font which is not ideal.

I would lo to see a dedicated section. were the codes are hidden—like passwords are—, use a monospace font for easier readability (the often come in groups with fixed amounts of letters/number) and to have a check next to them to mark them as "Used".

I like to have my 2FA in a separate app (for greater security), but I would love to easily and securely save my 2FA Backup Codes here.

Thank you for reading and your consideration.


1Password Version: 8.4.0
Extension Version: 2.1.4
OS Version: Windows 10 21H2 (19043.1348)

Comments

  • Gevor
    Gevor
    Community Member

    I second that!

  • BobW
    BobW
    Community Member

    When I stored some of mine in 1P, I stashed them into custom password fields like this:

    I figured if I used them, I'd add a date field adjacent to the code I'd used (something which, notably, cannot be done yet in v8) to record the date of use and to serve as a used marker. I never had the need to actually do that, however, as I've never used the backup codes.

    That last part pretty quickly led me to stop recording them at all. I just didn't see the point of recording them in the same place I record the main 2FA code. I don't see it as a security issue, but rather an accessibility issue. Basically, if I can't get to the main code in 1P, even with all of 1P's backup features and the backups I do on my own across the several devices on which I use 1P, then there's no way I'm getting to the backup codes stored in the same place. On top of that, most of the sites I deal with have ways of bypassing the 2FA, such as an admin or customer service clearing the code or use of an alternative verification method.

    And, I never bothered to store them somewhere else because I have enough trust in 1P and all those backups that I don't feel as though I'll ever need the backup codes. Frankly, I wish I could turn them off on sites, because they're often generated in such a way that they're cryptographically weak — I've seen some that are just 4- or 6-digit PINs. So I go to the trouble of creating and managing a long password for better security, only to have the site basically create a dozen-plus weak bypass codes that I'm stuck with 😡.

  • gussic
    gussic
    Community Member

    I just take a screenshot of the backup codes and store them as secure documents in 1P with the appropriate tags

This discussion has been closed.