2FA authentication method and backup

Good day.

My company uses 1PW, and provides a family membership to employees, so I am trying to get the family set up.

I have questions on 2FA and TOTP, maybe I am misguided.

Reading the article below, I see 2FA as protecting my 1PW account, but I need to use another authenticator, such as the MS Authenticator.
I am using MS_Auth for MS_Teams etc, no issues. But, this would be for my personal 1PW subscription, and I use my cell from employer 99% of time, my personal cell has the most basic of packages and sits in my office all the time. I gave up carrying two cells. If my employer were to suddenly cease my employment, how would I be able to access my 1PW account if I no longer had that cell phone? Is it possible to set up a backup 2FA - on my personal cell #, or using a Yubikey?

https://cleversupport.ca/article/enable-two-factor-authentication-for-1password/

Using 1PW for TOTP.
Is it best practice to keep some essentials out of 1PW?
Example - should the email account that I use as a backup have a password that I remember and a backup TOTP method, in case my 1PW account is hacked etc.?

Any step-by-step getting started that could walk me through this?


Comments

  • jack.platten

    Team Member

    Hey @FreddyBeach34:

    Great questions! Two-factor authentication for 1Password works differently than most places, which should resolve your concerns. Two-factor authentication with your 1Password account is only used when adding your 1Password account to the 1Password app on a new device, and from that point on is no longer needed to unlock the 1Password app. Given this, if you were to lose access to your phone with your authenticator app, you would still be able to log into your 1Password account and turn off your two-factor authentication. Additionally, security keys (like Yubikey keys) are available as a two-factor authentication method after adding an authenticator app.

    Jack

  • @FreddyBeach34 There are a number of ways to back up a TOTP-based authenticator app:

    1. Print/save the QR code shown when setting up 2FA;
    2. Print/save the TOTP secret usually shown next to the QR code when setting up 2FA;
    3. Scan the QR code with authenticator apps on two different phones, e.g. work phone and personal phone;
    4. Use an authenticator app that backs up your TOTP secrets and syncs them across devices like Authy;
    5. Use an authenticator app that backs up your TOTP secrets locally like Aegis.

    I keep a separate offline record of the credentials for my email and cloud storage accounts in case I need them for recovery.

  • jack.platten

    Team Member

    Thanks for the additional input @rootzero! :+1:
