16 character code (setup 2fa)
![[Deleted User]](https://w2.vanillicon.com/v2/2b58017eb88e43e4a0e1d1c6e7daeeb3.svg)
Hi ,
First of all : thanks for all the good work concerning 1password ❤️
I have a question about the the “Set up two-factor authentication”
The website of 1Password mentions:
“To save a backup of your two-factor authentication code, write down the 16-character secret next to the QR code and store it somewhere safe, “
My questions are:
- I skipped the storage of this 16 character code during the setup. Is it ok to forget this step? In other words if I loose my 2fa device ..can 1password help me out?
- What is worst thing that can happen when a bad guy gets hold on the 16 character code?
Thanks for answering !
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Comments
-
Hello @F_9083x! 👋
Good questions! I'll answer them directly below:
I skipped the storage of this 16 character code during the setup. Is it ok to forget this step? In other words if I loose my 2fa device ..can 1password help me out?
Saving a backup of your two-factor authentication code is optional but it ensures that you'll be able to re-create your one-time passcode if you lose your authenticator app. If you'd like a second opportunity to save the code then you can disable two-factor authentication for your 1Password account, delete the old one-time passcode stored in your authenticator app, and then go through the process of turning on two-factor authentication again.
If you lose your authenticator app but still have access to 1Password on one of your devices then you can still turn off two-factor authentication using this guide: https://support.1password.com/two-factor-authentication/#if-you-lose-access-to-your-authenticator-app
What is worst thing that can happen when a bad guy gets hold on the 16 character code?
If someone were to get their hands on the 16-character TOTP secret they would be able to enter that secret into an authenticator app on their device and re-create your one-time passcode. However, without your Secret Key and your account password they still would be unable to access your 1Password data.
I hope that helps. 😊
0
