What authenticators work with 1Password?

Options
Johnep
Johnep
Community Member
edited February 21 in iOS

I am considering 1Password. What authenticators does it work with? I use VIP Access for one app and also have MS Authenticator, but am open to others.
FWIW, I use Windows 11 for desktop, browsers: Edge and Chrome, and iPhone, IOS 17.3.1 for smartphone.
Thanks,
John

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Dave_1P
    Dave_1P
    Options

    Hello @Johnep! 👋

    Welcome to 1Password! If you're wanting to use 1Password as an authenticator app then we support the Time-based one-time password (TOTP) standard. You can read more here: Use 1Password as an authenticator for sites with two-factor authentication

    If you'd like to setup two-factor authentication for your 1Password account itself you can use either a TOTP authenticator app (like Microsoft Authenticator) or a hardware security key: Turn on two-factor authentication for your 1Password account

    I use VIP Access for one app

    If you mean Symantec VIP Access then you'll need to continue using that authenticator for that app since it uses a proprietary standard that 1Password isn't compatible with. Alternatively, you could reach out to the app in question and ask if they support TOTP which is compatible with 1Password.

    Let me know if you have any other questions. 🙂

    -Dave

  • Johnep
    Johnep
    Community Member
    Options

    Thanks Dave. I am unclear of exactly how authenticators work. In looking at the list of 2FA sites, it appears that most will support SMS, but very few support software solutions which I am assuming means authenticators that only support SMS will not work with an authenticator. Is that true?

  • GreyM1P
    GreyM1P
    Options

    @Johnep

    If a website doesn't support time-based one-time passwords (TOTP) such as ones generated by 1Password, Google Authenticator, Authy, and similar apps, then yes, something like SMS may be offered instead.

    Two-factor authentication by SMS is considered insecure and lacking resilience these days, since they are paired to your phone number, which could be lost or stolen, and rely on you being able to receive an SMS at the time of use. Equally, if someone was to steal your phone number, as we've seen happen in some cases lately, that person would then receive your one-time passwords in text messages, and (crucially) you wouldn't.

    Authenticator apps generating one-time passwords like 1Password does are considered much safer, since they don't fall foul of the things shown above. They're not linked to a phone number, don't need your phone to have cellular coverage (since they work offline), and all of your 1Password apps will show the same one-time password for the same item.

    Wherever you have the option to use two-factor authentication, you should aim to use the TOTP (authenticator app) route wherever possible and follow the guide Dave shared to set it up in 1Password.

    Hope that answers your question! We'll be here if we can be of any help. :)