16 character code (setup 2fa)

F_9083xF_9083x
Community Member
in iOS

Hi ,

First of all : thanks for all the good work concerning 1password ❤️

I have a question about the the “Set up two-factor authentication”

The website of 1Password mentions:

“To save a backup of your two-factor authentication code, write down the 16-character secret next to the QR code and store it somewhere safe, “

My questions are:

  1. I skipped the storage of this 16 character code during the setup. Is it ok to forget this step? In other words if I loose my 2fa device ..can 1password help me out?
  2. What is worst thing that can happen when a bad guy gets hold on the 16 character code?

Thanks for answering !


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Dave_1PDave_1P

    Team Member

    Hello @F_9083x! 👋

    Good questions! I'll answer them directly below:

    I skipped the storage of this 16 character code during the setup. Is it ok to forget this step? In other words if I loose my 2fa device ..can 1password help me out?

    Saving a backup of your two-factor authentication code is optional but it ensures that you'll be able to re-create your one-time passcode if you lose your authenticator app. If you'd like a second opportunity to save the code then you can disable two-factor authentication for your 1Password account, delete the old one-time passcode stored in your authenticator app, and then go through the process of turning on two-factor authentication again.

    If you lose your authenticator app but still have access to 1Password on one of your devices then you can still turn off two-factor authentication using this guide: https://support.1password.com/two-factor-authentication/#if-you-lose-access-to-your-authenticator-app

    What is worst thing that can happen when a bad guy gets hold on the 16 character code?

    If someone were to get their hands on the 16-character TOTP secret they would be able to enter that secret into an authenticator app on their device and re-create your one-time passcode. However, without your Secret Key and your account password they still would be unable to access your 1Password data.

    I hope that helps. 😊

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file