Authenticator for sites with two-factor authentication

hackettsci
hackettsci
Community Member
edited February 2023 in Business and Teams

I think that the use of 1Password building in your 2FA into your login is an interesting feature https://support.1password.com/one-time-passwords/ but does seem like a security risk to us.
Is there anyway to turn off this feature for our employees through the admin portal?
Thanks,
Paul


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • Hello @hackettsci,

    Thanks for asking about storing two-factor authentication codes in 1Password. While I understand your concerns about storing account credentials along side two-factor authentication credentials, there is some nuance to keep in mind when making this kind of a decision for your team. For that, I'd encourage you to read this old, but still useful blog post, TOTP for 1Password users.

    • If your team needs the added security of a second authentication factor, you may want to encourage them to store their authentication codes on another device or app, separate from 1Password. Hardware security keys are worth considering here, since they would represent a true second factor and also benefit from being unphishable.
    • If your team must use one time passwords, and is already confident in the security model of 1Password, consider using the ability to store one time passwords in 1Password for cases where you will benefit from having a one time password and from 1Password's strong security.

    1Password doesn't currently have an option to disable the option to add one-time passwords from being saved, but I'd love to hear more about your teams use case for doing this. If you'd like to discuss it in private, send an email to support@1password.com and include the link to this community post. If you are comfortable sharing here in public, that works for me too.

    I hope this information helps. Be sure to let me know if you have any questions.

This discussion has been closed.