Windows and Android both suddenly enable 2FA without being asked? Now locked out of account.
Recently I read the widely-circulating 1PW article refuting LastPass's "million years to crack" claim. I took the hint and decided I was going to login to my account and change my password to a randomized 12 digit one, as seemingly recommended in article.
The layout of the website landing page(s) seem to have changed completely from my last visit a couple of weeks ago. Now, instead of needing just my email and my Master Password, I was also asked for my Secret Key. On top of all that, I was then also asked to provide a 6-digit code from an Authenticator app. Previously I only needed my email and Master Password.
I never turned on these extra steps / 2FA requirements (requiring the Secret Key as well as an Authenticator app code). Did 1PW just decide to enable them for everyone after what recently happened to LP?
The problem with getting back into my account is that I do not see 1PW in my MS Authenticator app on my phone. I tried recovering any possibly saved MS Authenticator app settings/files from my cloud backup file(s), as well as deleting and re-installing the MS Authenticator app in order to see if re-installing a clean copy would recover / re-install any previously saved account(s). Neither worked.
I still can access the basic password app settings on both my laptop and my phone, but I cannot log into my actual account itself in order to change anything, such as the Master Password I was attempting to change in the first place to make it more "safe".
I clicked through on "having trouble on signing in", verified my email address, and received the link on how to recover accounts, but nothing listed there applies. I am the only account holder / administrator.
Why in the world would everything needed to get into one's account that they would have hard-copies of at home then hinge completely on access to a mobile phone Authenticator app code ( such as knowing the initial laptop or phone login, account email address, full Secret Key, the Master Password) ? Something that could easily go wrong, for a variety of reasons (unfamiliarity with using the Authenticator app, your kid accidentally deleting it while trying to install something new on your phone, change of phones / transfer of data to new phone, etc)? And from everything I have been reading on this forum as well as the Reddit 1PW forum I am essentially screwed and have to delete the entire account and start over from scratch (thankfully I backed up my laptop's browser saved passwords and other data). Since I cannot get into the 1PW account, HTH can I get a code or QR code to install 1PW on the Authenticator app with? It's a circular argument. (entering the 1PW "Secret Key" for the "Secret Key" code asked for inside of the MS Authenticator app when trying to manually enter the info into the app to create an account there doesn't work either)
What just happened? Why no other recovery options (text message code/link, phone call, customer service, anything)? The whole thing just seems nuts. Even a second "Really, Really Secret Key" would be a better option than this weak link. And I never set 2FA up in the first place.
What happens when someone has their only phone stolen or damaged (with the Authenticator app installed), and cannot get the backup file(s) to re-install on a new phone? What if you're travelling and need to login to someone else's computer (at the travel agent's, or the police to track your phone) and need access to 1PW stored PW's? And a myriad of other worst-case scenarios. And it wouldn't even matter if you carried along on printed papers with all of the login info & codes you needed to get into your account, solely b/c you cannot access an Authenticator app.
I first installed 1PW one month ago on my laptop. I set everything up at the 1PW website, exported all of my saved PW's from my Edge browser over to 1PW with just a few hiccups, deleted PW's and other saved data from the Edge browser, and everything seemed to work fine. A couple of weeks ago I then installed on my Android phone. I cannot remember clearly (it has been an extraordinarily busy month), but I vaguely recall needing to install the MS Authenticator app and enter an approval code in order to install the 1PW app. That was the last time I was logged fully into the 1PW website and my account.
Over the past two weeks, business as usual, with both the laptop and phone seeming to work just fine. Every time I have re-booted my laptop, I have to enter my Master PW the first time I try to auto-fill a PW on a website, but then for the rest of the session no issues. Also no issues on the phone, until today....
Added note: I did connect my new phone to my old phone a couple of times with Samsung Smart Switch to move text messages and other data over to the new phone. I have no idea if that may be part of the issue (moving data over from the old phone).
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided