Two-factor authenticating - some basics
In some two-factor systems, I receive a push notice on my Android when I seek to log in on my PC through Chrome. If I tap OK on the phone, I get logged in on my PC. In those cases, I needn't enter a code. Is this possible with 1P/Chrome/Windows? Secondly, I'm sorry for asking such an obviously-asked-before question, but if I can't access my phone, how how do I log in to 1P to disable two factor? Lastly, perhaps it's a personal preference, but does one of the authenticator apps have an edge, particularly when logging in on a PC? Thanks!
1Password Version: Not Provided
Extension Version: 2.3.0
OS Version: Win 10
Comments
-
@jimmyweg Those are good questions and it's good to think about them before getting locked-out!
Authenticating to other services/websites
1Password supports the Time-based One Time Passcode (TOTP) standard used by authenticator apps. It doesn't support push notifications. My family uses Microsoft Authenticator for work/school accounts that use Microsoft Single Sign-On so that we can receive push notifications.Authenticating to 1Password
With 1Password you only need to enter your 2FA code once per device, unless using a browser and you set it to delete cookies. All of the 1Password apps allow you to disable 2FA under Settings -> Accounts -> [Account Name]. So as long as you're still logged in on one of your devices, you can always disable 2FA and start again.There are a number of ways of protecting yourself against the risk of losing all your devices:
1. Use an authenticator app that stores an encrypted local backup of your TOTP secrets like Aegis and keep a separate record of encryption password;
2. Use an authenticator app that stores an encrypted cloud backup of your TOTP secrets like Authy and keep a separate record of backups password;
3. Scan the 2FA QR code with two or more phones, e.g. your phone and a partner's phone;
4. Save the 2FA QR code or manual entry secret so that you can set-up another authenticator app in the future;
5. Print the 2FA QR code or manual entry secret and store it with your 1Password Emergency Kit.All that said, the most important thing is that your save your 1Password Emergency Kit. The 1Password team can reset your 2FA because it is just authentication. They cannot reset your Secret Key, so the priority is to make sure you have that somewhere safe.
0 -
Thanks very much!
0 -
Never mind! I feel, like an idiot! But, it is kind of a pain to have two codes to enter.
Ok. I installed Authenticator. When I open it to get the code, I'm prompted to enter a code or unlock my screen. I removed my screen lock app, so what do I do to get the pin? For now, I disabled two-factor. Thanks!
0 -
Hey @jimmyweg, just to clarify, are you trying to turn 2FA for your 1Password account (as opposed to setting up 2FA for your logins which are stored in 1Password)? If you are trying to turn on 2FA for your 1Password account, you can follow a guide that we have for that here: https://support.1password.com/two-factor-authentication/#set-up-two-factor-authentication
Basically, you would have to sign into your account at 1Password.com, turn on 2FA, grab the QR code that is provided, and scan it to Authenticator. After that, you'll get an authentication code from Authenticator. Enter it to your account at 1Password.com to finish the setup.
Let us know if you run into any trouble or if you have any other questions!
0 -
Thanks! I set it up just for my 1P account. Can I set it up for selected logins within my 1P Chrome extension? Can you give me a link with the instructions please?
0 -
@jimmyweg Yes, you can definitely use 1Password as an authenticator for sites that support such a feature. Here is a guide that we have on how to set that up: https://support.1password.com/one-time-passwords/
I hope that helps!
0 -
Thanks!
0