Authenticator App
I am confused on the Two factor authentication. 1Password gave me steps to scan in a QR code to set it up but I can't even access it to use it on my phone now. I found an app for Google Authenticator, but I don't have it installed and will have to go through another mess of codes to get it installed. I went to my Google Account and it has no mention of 1Password and only mentions the Google password manager. What got set up on my phone with the QR code? How do I find it to use it?
I was expecting to use text message authentication in combination with password for the two factor authentication since I only access my 1password account on my PC.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Comments
-
@jeffer23 1Password does not support two factor authentication via SMS text. I think this is a good thing as it can easily be compromised by signalling system 7 and SIM swapping attacks.
Google Authenticator is a standalone app and is not tied to your Google account. Your two factor authentication secrets are only stored on your phone. So if you lose your phone or factory reset it then you lose the two factor authentication codes.
Any authenticator app compliant with the Time-based One Time Passcode standard will work with 1Password's two factor authentication. Install the app on your phone, open the app, scan the 1Password QR code and then enter the 6 digit passcode into the 1Password website.
https://support.1password.com/two-factor-authentication/
A number of these authenticator apps allow you to back up your 2FA secrets. In my opinion, Authy is the easiest to use for most people. It encrypts your 2FA secrets with a key derived from your backups password and saves them in the cloud. Keep a separate record of your backups password and you will always be able to recover your 2FA passcodes.
0 -
Is this where I post for support?
It looks like I am at an endpoint and may have to cancel my account before the trial period ends. I am stuck in la la land.
I set up my account on Home Computer and Work Computer. All was working okay on the configuration side. I then decided to set up Two-factor communications. I have no idea how it got set up through my phone. I remember 1password showing me a QR code. It seems like I couldn't find any app and went to the camera to see if it would recognize the code. I somehow got a code and entered it in 1password. 1password sent me an email saying my account is now protected by two-factor authentication. Now when I try to go to the site it wants my 6 digit pin. I get no notification from my phone that a request has been made. I don't see in the 1password software that I can get a new QR code. I have gone through my phone and find no authenticator. I found an internet list of the Top 10 authenticators and none of them are loaded on my phone. I couldn't find that Verizon, Samsung, or Google contained one in their apps on my phone.
I have now installed Google Authenticator, but it wants a QR code which isn't available from 1password. I might as well delete my account before I get charged at this point unless there is some easy way out. How does 1password handle this if you lose your phone or it fails? What good is a key if the weakest link destroys the process?
0 -
You can also use the App Authy for 2FA.
But how did you scan the QR code for the 2FA activation?
If I understand you right, you didn't use an authentication app?
0 -
@jeffer23 You must have used an authenticator app or Apple keychain to scan the QR code and generate the 6 digit passcode required to enable two factor authentication. If you can't find the 6 digit passcode in an authenticator app or Apple keychain then you'll need to disable two factor authentication.
You can disable two factor authentication from any 1Password app where you are logged-in. If you are not logged in to a 1Password app then try logging-in to 1password.com from a browser where you have logged in before. If all that fails then send an email to support@1password.com from the email address you use for 1Password explaining the problem. They will ask you some security questions and disable two factor authentication for you.
Before enabling again, consider whether you need two factor authentication. The combination of account password and secret key already gives your 1Password account very strong protection. If you decide that you still want to enable it then choose an authenticator app that backs-up your two factor authentication secrets. I wouldn't recommend Google Authenticator because you lose your two factor authentication passcodes if you lose or factory reset your phone.
0 -
Thanks for your reply and help. I will reread your post later today when I get opportunity to attempt a solution.
At this moment I really only 100% want two factor authentication for my work computer (laptop). This is a laptop that I do not own. It is also used for occasional travel. If something ever occurred where I lost control of this laptop, it would be good to have peace of mind that the logon can't be done without use of my cell phone in addition to a password.
Right now I think I am overwhelmed with the process of getting all of my data into the configuration. So I probably don't have a proper feeling for long term use of the feature. Once I get most of my passwords and data entered the process will likely be less stressful since I also do programming (on my daily job - with overtime) which combines to cause mind fatigue when adding new stuff I don't know well.
Thanks again for the advice.
0 -
@jeffer23 If you lose one of your logged-in devices you can remove it from your list of authorized devices at 1password.com. You can do this whether or not two factor authentication has been enabled.
Two factor authentication is only required the first time you login to 1Password on a new device. Once you've entered your account password, secret key and two factor authentication passcode, a copy of your 1Password database is downloaded to the device. This is encrypted with your account password and secret key. Two factor authentication doesn't play any part in the encryption. So it doesn't help to secure your 1Password data on a device where you've logged-in previously.
Two factor authentication protects from the case where an attacker has your account password and secret key, but doesn't yet have a copy of your database. If an attacker has a device with a copy of your database then the main protection is provided by your device security and your account password.
0 -
I got two factor authentication disabled. What I don't understand is that I only remember trying to set up Two Factor Authentication in one browser. But it was active on two of my operating systems. Luckily it wasn't active on one system. I guess I need to look at the options in the software better in the future.
I tried to do too much too quick in doing this but I am racing to make sure I am happy before I get charged for the software. I think @rootzero got me what I needed to understand it when I revisit at some point in the future. I'll make sure I have my data mostly stable before I do it.
Thanks for the help.
0 -
@jeffer23 Two factor authentication is an account-wide setting. If it is enabled in your 1password.com account then you will need to enter a 6 digit passcode on any new device or browser. It is a means of authorizing a new device to receive a copy of your 1Password database, so it wouldn't make sense to only require it on particular devices.
0 -
I have three Windows 10 operating systems and an android phone. All of them were active with 1Password when I attempted Two-Factor Authentication. Two of the Windows 10 operating systems required a pin that I couldn't provide. One didn't require a pin. I did not try to access my account on the phone. Why did the one WIN 10 operating system not require a pin?
0 -
@jeffer23 Had you already logged in to 1Password on any of those devices?
Are you sure it was asking for a 6 digit passcode from an authenticator app? Or was it asking for a Windows Hello PIN?
0 -
I thought I did a screen capture of it but can't currently find it. It was definitely asking for a 6-digit pin from my Authenticator app. Here is a screen pic of what I received in email after I was able to turn it off.
0 -
I failed to answer part of your question and that may help solve what happened. You asked if I had already logged into any of those devices. It could be possible that I was currently logged into one Windows 10 system while I turned on Two-Factor Authentication on the second one. One of them is a Host PC. The other is a VMware Workstation Windows 10 VM. The Host did not have Two-Factor Authentication active, but the guest did.
EDIT* The Guest is where I started the process to activate it.
0