Basic Security Feature Ask: SMS for 2FA

pgpass
Community Member

I am very surprised to know that 1Password does not support SMS for 2FA. Please consider adding that support. When you do, please do allow multiple mobile phones to be registered.



Comments

  • XIII
    Community Member

    Maybe because 2FA via SMS is not very secure (though better than no 2FA), because of SIM swapping?

  • Hi there @pgpass

    As @XIII has mentioned, SMS-based two-factor authentication isn't considered strong enough for securing your 1Password account, since issues like SIM hijacking can mean that your phone number can be taken over. This might not necessarily grant someone else access, but would definitely mean that you couldn't authenticate when you need to.

    However, authenticator apps will work offline and aren't bound to a phone number. Similarly, hardware security keys are completely self-contained.

    There are no plans to support SMS-based two-factor authentication for your 1Password account for these reasons, due to the security weaknesses of SMS and the other, more secure, options already supported.

    Please let me know if you have any questions, or would like any further help.

    — Grey

  • pgpass
    Community Member

    Well it is better than no 2FA.

    Plus you already have a secret key and password; a malicious user first needs to get those.

    Me and my wife share the same 1Password account, and to get her to take an additional step of an Authenticator app is going to be difficult.

  • pgpass
    Community Member

    And yes, I know someone will post that we should not be sharing the same 1Password account and use the shared vault. But as a personal choice, I don’t want to do that.

  • Dave_1P
    edited October 2023

    @pgpass

    I personally find that something like Authy or Microsoft Authenticator works very well for folks, even if they aren't as technically savvy.

    You can find our article on two-factor authentication here: Turn on two-factor authentication for your 1Password account

    Remember that your wife will only need to use the authenticator app the first time that she logs into the 1Password account on a new device or browser. It's not something that she'll be using every day. So once you help set up the authenticator app, it'll just sit in the background on her phone.

    -Dave

This discussion has been closed.