Would you use 2FA on email

Kakkoister2
Community Member
edited March 2022 in Lounge

Hi y'all

I have my email password generated as the longest complex password available for my email. Since only 1Password has this password, and is protected by my master password and secret key, do you see any point in enabling 2FA for my email account separately?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • @tomatoshadow2

    Personally, I enable 2FA on anything that offers it. I would posit that your email would be one of the first to be secured, as illicit access could allow someone to pretend to be you.

  • Kakkoister2
    Community Member
    edited March 2022

    @ag_tommy Cool, thanks for the info, do you yourself use 2FA through a separate app? Seems the one available for iOS would not back up to a new iPhone. My worry would be ever being locked out of my email with 2FA. Right now, I just keep all that in 1P, and have that info backed up in a secure place.

    Would I be fine, do you agree, if I would store the backup codes in 1P, then just see what happens when I get a new device, as I would have the backup codes as a secondary entry?

  • [Deleted User]
    Community Member

    @tomatoshadow2 I keep a separate record of my 1Password account password, 1Password secret key, email account password and 2FA secrets for both. If you have the 2FA manual entry secret then you can always set up another authenticator app when required.

  • Kakkoister2
    Community Member
    edited March 2022

    @rootzero Thanks, yeah I keep all my stuff for 1PW backed up. I would have to set up 2FA on my email to get the backup codes, that’s why I’m trying to figure if it’s worth it, because I wouldn’t want to lose access to my email ever.

    Because since my 1PW is already protected in a way with 2FA with the master password and secret key, my email should be fine, but maybe I’m oversimplifying and not being overcautious with 2FA. Just worried if I would ever lock myself out of my email.

  • [Deleted User]
    Community Member

    @tomatoshadow2 The main advantage of turning on 2FA is that it protects you in the event that your email password becomes known due to a phishing attack, reverse proxy, etc.

    Some of the email protocols don't support 2FA, but most providers allow you to set up application-specific passwords for those protocols. So your email programme uses a specific password saved only in that programme instead of the account password that allows changes to be made to your email account.

    So it's certainly worth turning on 2FA and you can avoid lock-out by keeping your own record of the 2FA manual entry secret and/or any backup/recovery codes from the email provider.
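
An added example (not part of the thread and not 1Password's code) of why a kept copy of the manual entry secret is enough to set up another authenticator: standard TOTP (RFC 6238) derives every code from that secret and the clock alone. The secret below is the constructed RFC 6238 test key and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct


def decode_manual_secret(secret: str) -> bytes:
    """Decode a manual-entry secret as a person would retype it from a record:
    spaces or dashes between groups, lowercase letters, padding left off."""
    cleaned = secret.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore base32 padding if missing
    return base64.b32decode(cleaned)


def totp(secret: str, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the default most providers use."""
    key = decode_manual_secret(secret)
    counter = struct.pack(">Q", unix_time // step)      # 30-second time window
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                             # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


# Constructed sample data: the RFC 6238 test key ("12345678901234567890").
STORED_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"           # as shown at enrolment
RETYPED_SECRET = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"   # as retyped on a new phone


def same_code_on_both_devices(unix_time: int) -> bool:
    """The old and the replacement authenticator agree at any given moment."""
    return totp(STORED_SECRET, unix_time) == totp(RETYPED_SECRET, unix_time)


if __name__ == "__main__":
    import time
    now = int(time.time())
    print("old device:", totp(STORED_SECRET, now))
    print("new device:", totp(RETYPED_SECRET, now))
```

The same property is why the secret needs the same protection as the password: anyone holding a copy can generate valid codes.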

  • Kakkoister2
    Community Member

    @rootzero gotcha, is it a bad idea to store a copy of those backup codes in 1PW? I could also probably keep a paper backup locked up also

  • [Deleted User]
    Community Member

    @tomatoshadow2 No, it's much more important that you turn on 2FA. So I would say store the backup codes in as many places as necessary to make you feel comfortable about turning on 2FA.

  • Kakkoister2
    Community Member

    @rootzero Yes I agree, I have turned it on and saved the backup codes, should be good to go. Thanks for your input.

  • No, I do not use a separate app. I did for a time way back when, pre 1Password TOTP codes etc. Now everything is in 1Password. I would concur there are several things you need to access in a pinch. Your email for one. I live in iCloud land so I can receive notifications via various methods for my iCloud account. If in doubt have a backup. Have two or three. I have local, off-site and off-site (safe deposit box) not to mention relatives who are capable of account recovery.

  • Kakkoister2
    Community Member
    edited April 2022

    @ag_tommy Thanks for the info, would you also I set another form of recovery for my email as well? I have everything saved in 1PW for it and have my 1PW backed up in a safe deposit box just like you in written form, so right now, I don't have multiple backups of my email. I have my email set up, just like 1PW, if I would lose anything, without backups, it would be locked (to this is the best feature, as you know though, I've saved it in 1PW, so that is not something I foresee). I'm not too worried, as I think the safe deposit box is the best place. I've grappled with where to put it for a while haha. It was actually your comments a while back on extra backups other than another device, that helped me decide.

  • Hey @tomatoshadow2:

    That really depends on your situation. My personal Google accounts are just a chain of recovery emails all the way down (my most recent Gmail account has an older Gmail address as recovery email, and so on down the line). My current Fastmail account that I use for my 1Password accounts is only stored in 1Password, plus I'm signed into both my Fastmail account on all of my devices. I'm fairly confident that if something were to happen, I'd have at least one of my devices handy and accessible in order to recover.

    On behalf of Tommy, you're very welcome!

    Jack

  • Kakkoister2
    Community Member

    @Jack.P_1P yes this is my setup with email, where my 1P email is only for 1P. Double extra security and I have everything saved in 1P for it, I agree, I always have at least one device with 1P signed in with me.

  • Sounds like a plan then!

    Jack

This discussion has been closed.