Switch existing desktop 2FA from an authenticator app to 1Password

siplhium
siplhium
Community Member
edited February 20 in 1Password in the Browser

I want to try switching my desktop 2FA from an authenticator app to 1Password. Since I already have 2FA set up on numerous sites, I'm already past the point of scanning QR codes and one-time passwords (which is what your support article talks about). Do I have to set up 2FA all over again with each site, or is there an easy way to move this over to 1Password?


1Password Version: 8.10.24
Extension Version: Not Provided
OS Version: macOS 12.7
Browser: Not Provided

Comments

  • Hello @siplhium! 👋

    Thanks for the question! This depends on whether your previous authenticator app allows you to export your one-time passwords. If it does then you might be able to import them to 1Password: Move your data from other applications to 1Password

    Alternatively, if you're able to access the one-time password "seed" from the previous authenticator app then you can add that manually to your Login item for the same website in 1Password by following these steps:

    1. Open and unlock the 1Password for Mac desktop app.
    2. Select the Login item for the website, then click Edit.
    3. Click Add More, then choose One-Time Password.
    4. Copy the seed from the old authenticator app and paste the seed here.
    5. Save the item and verify that the one-time password generated by 1Password allows you sign in before removing it from the other authenticator app.

    That being said, in most cases, you'll need to setup two-factor authentication for each website again, this time saving the one-time password in 1Password. 1Password in the browser helps you accomplish with just a few steps, you can find our guide here: Use 1Password as an authenticator for sites with two-factor authentication

    -Dave

  • siplhium
    siplhium
    Community Member

    Thanks @Dave_1P. I was afraid this might be the case. Authy desktop is going EOL, so... As for the "How?", are we expected scan the QR code from a Mac, or do we have to be on a IOS device? I've tried the Mac, and it always say "QR code detection failed". If there's some magic (or an app) involved, the support article doesn't make this clear.

  • Dave_1P
    edited February 13

    @siplhium

    Thanks for the reply. I recommend using the browser extension to scan the QR code: Save your one-time password code - In the 1Password browser extension

    Here are the specific steps:

    1. Open and unlock the 1Password browser extension.
    2. Select the Login item for the website from the pop-up.
    3. Click the three dot button in the pop-up and choose Scan QR Code.

    Let me know if you run into any issues.

    -Dave

  • siplhium
    siplhium
    Community Member
    edited February 13


    @Dave_1P Hmm,
    I don't see a Scan QR Code in the list of options in the popup.

  • @siplhium

    It seems likely you'll need to be on the page 1Password recognizes. You might give this set of steps a try too.

    If the code is dense, you may need to increase its size. When this happens, I typically increase it twice. You can do this by pressing the Command key (Control on Windows) and "+" while viewing the code in the browser.
    To return to the standard view size in the browser, press Command key (Control on Windows) and 0.

  • siplhium
    siplhium
    Community Member

    @ag_tommy I think I've got it now. Yes, apparently you have to have your browser on a page, or the page, that deals with 2FA stuff. Of course every site does it differently. I'm not sure that the 1Password How-To page(s) explain this very well.

  • @siplhium, you're right, the steps may differ on a per site basis. Let us know if there are any in particular you are having trouble with and we can further assist.

  • siplhium
    siplhium
    Community Member

    @steph.giles I think the How-To could be more helpful. Right now, it says:

    "Search 2fa.directory for the website.
    Click the blue book button next to the name of the website."

    Not all sites are in the 2fa directory, and not all of the links go to a current 2fa setup page.

    "Follow the instructions the website provides.
    When you see a QR code to scan or a string of characters to copy, continue with the next steps."

    This just doesn't cut it; is about as barebones as you can get. And I'm an experienced developer and IT professional. Imagine how it is for people who are less experienced or not so great with technology.

    First you have to find the instructions, which inevitably means going into your account settings for that site, looking for a setting about Two-factor authentication and using an authentication app. Often they mention only Google Authenticator, and sometimes Authy, whose desktop app is sunsetting in March 2024). No one mentions 1Password, which isn't surprising, but may throw people. Every site handles this differently. Some allow you to switch apps in one or two steps; others make for delete your current key, click through another screen or two. Then, once you finally see the QR code, you can go to 1Password to scan the code. And even then, sometimes 1Password offers a 2FA button to click, and sometimes it doesn't. If it doesn't, you have to click the three-dot menu and look for the QR code item. And then hope that 1Password is able to copy the code (not a given).

    The 1Password folks could serve their customers a lot better by making more of an effort to ensure that their How-Tos describe and match the real world more closely, and don't leave customers scratching their heads and feeling frustrated because what they see doesn't match the instructions. This authentication stuff is not for the faint of heart, and most users probably don't really understand what's really going on and how it works.

  • @siplhium

    Thank you for the feedback. I agree that saving a one-time password can be confusing since different websites will offer different implementations. Just to clarify, are you running into issues when using the browser extension to scan the QR code for 2FA on certain websites? As mentioned earlier, we have the process documented here with an animation: Use 1Password as an authenticator for sites with two-factor authentication

    What websites aren't working when you use the browser extension, and the steps in that guide to save a one-time password in 1Password? I can file issues with our development team to have those issues fixed.

    -Dave

  • siplhium
    siplhium
    Community Member

    Hi @Dave_1P , no, I finally got the process figured out. My main point is that sites differ in exactly how you find the page that actually has the QR code. There is no real standard, just as site differ in how you register, log in, change settings, etc. And my other main point is that the 1Password app or extension may or may not respond or behave the same way as in the animation (as I described above), depending on the site. I can't list specific sites. I had to do our bank site, namesilo.com, github, a law firm site, an accounting site... all of them different.

  • @siplhium

    Thank you for the reply. I agree that there isn't any standard when it comes to how websites design the setup flow for two-factor authentication and this can make it challenging to find the right option. What's more, websites change their designs over time so you might come back in a month and see that the two-factor authentication option has been moved to a completely different place.

    1Password isn't in a position to control how other websites design their two-factor authentication setup flow but I do have good news. We're working with other industry leaders through the FIDO Alliance to create a new authentication standard that will do away with both passwords and two-factor authentication. This standard is called passkeys.

    Unlike passwords, you can’t create a weak passkey. Passkeys are generated by your device using a public-private key pair, which makes them strong and unique by default. Two-factor authentication was designed to add an additional layer of protection to passwords against phishing. Passkeys are already resistant to phishing and can be considered to have the same level of security as a password plus two-factor authentication, with a lot less friction.

    The great thing about passkeys is that the industry has a chance to create a standard approach across all websites and services and make signing in a more intuitive process for everyone, everywhere. You can read more about passkeys here: Save and Sign In with Passkeys Using 1Password on the Web and iOS

    -Dave

This discussion has been closed.