🔓 Introducing Recovery Codes - Now Available!
👋 Hey everyone!
We’re so excited to announce that recovery codes are now available to all users on Individual and Families plans! This new feature ensures you’ll never be locked out of your 1Password account, providing an additional layer of security and peace of mind.
https://www.youtube.com/watch?v=Q8rZxntMlN0
Create a recovery code
To create a recovery code, make sure you have the latest version of the 1Password app on iOS, Android, macOS, Windows, or Linux. Sign in and select your account in the Manage Accounts menu. From there, choose the account you’d like to set up a recovery code for. Next, go to Sign-In & Recovery and select Set up recovery code. Once created, store your recovery code in a safe and accessible place outside of this account.
Use a recovery code
You can use your recovery code on 1Password.com to regain access to your account if you ever get locked out. To recover your account, go to the 1Password sign-in page and select Having Trouble Signing In? -> Use Recovery Code to get started. Enter your recovery code and follow the prompts to regain access.
Multiple recovery methods
Family Organizers still have the option to recover other members of their account. However, if the person being recovered already has a valid recovery code, they can instead use it to recover their account without having to rely on the Family Organizer in the process. Otherwise, if the person chooses to be recovered by the Family Organizer, the existing recovery code will become invalid, and a new one will need to be generated after recovery.
Notes
- Recovering your account will result in a new password and Secret Key, and you’ll need to sign back into 1Password on your trusted devices.
- You must have access to the email address associated with your 1Password account for account recovery.
- Your recovery code is reusable and remains valid after use.
You can learn more about recovery codes in our help article. Create your recovery code today to ensure you never lose access to your 1Password account.
As always, we’d love to hear your feedback on this new feature. Stay secure!
Comments
-
Hello there. I just created one via the Desktop app but found out the "Print" button wont work. When clicking that, it shows "No preview available" and after clicking print it just closes and wont print it.
0 -
Let's get you to our technical team for further review. To get you started I'd recommend checking for and applying any updates to 1Password and the OS. Restarting the devices may also be a fruitful effort here. If there are any OS updates that process will typically cover the restart.
If none of that helps, please email us using
support+forum@1password.com. Be sure to use the email address tied to the account in question. The team may ask you to try and reproduce the issue a few times and send in logs. I'm not exactly sure what they will need in this instance. They'll be able to clarify that when you converse with them.I'd included the full OS in use, and any steps you've taken in your initial email.
0 -
Great thought. You're welcome. Let us know if you wish to continue troubleshooting what you experienced.
1 -
I see the instructions say "Recovering your account will result in a new password and Secret Key." Just to clarify: initially setting up the recovery code will not affect the current password and Secret Key ... true? Thanks very much.
0 -
If the recovery code can only be used if you have some way of logging in and retrieving your email, doesn't this create a Catch 22 if you use 1Password to save your randomly-generated email password (as well as the one-time password code authenticator)?
How am I supposed to login to my email if I cannot access 1Password?
1 -
Correct. Setting up the code will not create a new Secret Key/Password only using the code for account recovery would do that.
0 -
My personal email address password associated with 1Password is kept with my other important papers, outside of 1Password. It and 1Password are the only passwords I know.
0 -
@ag_tommy - ... so we need to have them rename it to "2Password"? :)
1 -
Well, if you have your password for your email client in 1Password and you forget your 1Password password, how would you access it to regain access? There are some situations where you need to know vital passwords. For example, 1Password manages my personal email password. I also have it recorded outside of 1Password for such situations. :)
It along with 1Password are the single most important passwords to me. Ideally, most people would hopefully, not need the email password as it's likely stored in an email client somewhere where you can access it. Most folks have multiple devices like a phone and a computer or a tablet.
0 -
Regarding above comment from @ag_tommy :
"Well, if you have your password for your email client in 1Password and you forget your 1Password password, how would you access it to regain access? "
Here are some alternative recovery options 1Password could use other than requiring a login to the email account (not in any particular order):
Federal Express with "Adult Signature Required" (which requires government-issued photo identification - https://www.fedex.com/en-us/delivery-options/signature-services.html#types )
2FA using a trusted/family phone number or authenticator
Biometrics
Recovery Yubikey device (or similar)
Voice Phone Call Confirmation using saved, confirmed telephone number with challenge questions and/or voice recognition
My main email is one of the MOST critical and sensitive passwords I want to protect. It is registered and used by my bank, government for password resets, login confirmation codes, etc.
I want it to be completely random and fantastically complicated so it is super difficult for anyone to gain access to it. This is the whole reason to have it saved in 1Password. In fact, my email is also protected via 2FA using 1Password's 'One-Time Password' authenticator. So, knowing just the email password doesn't help me either. I need 1Password to provide the one-time authentication code as well.
In my opinion, this recovery dependency is insufficient.
2 -
Mine is much the same (very complex and rated fantastic) but I have it recorded outside of 1Password for such situations. I also have my email clients signed into multiple devices (tablet, phone and computer). With those multiple devices it becomes less likely that all email apps would lose access but it is still a thing to consider in some situations like a natural disaster. For those kinds of situations I have my password and Secret Key saved in a safe deposit box. Which while difficult and inconvenient it could be accessed if needed.
Thank you for the feedback I have shared it with the team.
0 -
Since @Niqui has already mentioned almost this issue and @ag_tommy responded, I will add that
1. The interface shows both [Save] and [Print] buttons unlike the image in the article,
2. Clicking [Print] works for me, but clicking anything in the print dialog crashed 1Password,
3. Clicking [Save] does nothing,
4. The text of the code cannot be selected, so cannot be copied,
5. After failing to save, clicking [Next] inserts a warning, then does nothing,Despite the crash, 2 silently produced a file,
~/Documents/output.pdf, containing the recovery code. This leaves the code in a readable file on the client system unknown to the user, which is a problem. The crash is inconsistently reproducible.The combination of 3 and 4 is a bigger problem, not helped by the dark orange styled warning "Make sure you save your recovery code" which appears when clicking the never-ending [Next], leaving the user in a situation in which they don't know if they have saved a code, or if that code can be retrieved from the client, or if a new code will replace the previous one when visiting the interface and being faced with [Generate recovery code] to continue, which it will.
After re-testing all the above, the never-ending [Next] now goes to a "Confirm your recovery code" dialog with a [Confirm and finish setup] button and the subsequent "Recover code successfully created" message, strongly suggesting that the (previously) saved code was useless.
1Password for Linux 8.10.34 (81034040)
1 -
I have mixed feelings about the advent of recovery codes for 1Password. 🤔
I rather liked the existing system which required two pieces of information ie password and secret key - that to me felt more secure. In my case I also use 2FA which adds a third layer.
I haven’t decided yet whether to generate a recovery code to keep securely somewhere, but I do have one question at this point - given that I currently use 2FA. Would using a recovery code effectively bypass all of that or I would I still need to use the 2FA I have set up as well as the recovery code? I’m guessing not, but better to ask now than when I’m in a fix some day - heaven forbid!
0 -
Generate and use recovery codes
If you previously enabled two-factor authentication for your account, it will remain turned on.
If your account has 2FA turned on using the recovery code will allow you to set a new password. 2FA will remain active and would be required when signing in and accessing your data.
0 -
Please report the crash to our technical team who may ask for logs to help them clarify what is happening. Please email us using
support+forum@1password.com. Be sure to use the email address tied to the account in question.Correct, Save and Print options are shown to me when using 1Passwrod.com to create the recovery code. The image you shared is from 1Password 8 the desktop application.
Include the following:
Your user name here in the forum.
AJCxZ0
A link to this topic.https://1password.community/discussion/comment/713045/#Comment_713045This will help us connect the dots as they say.
0 -
Thanks for your reply. Looking back perhaps I didn’t phrase my question very well.
What I meant was. If I use a recovery code in an emergency to regain access to my account will I still need to use the 2FA at the time I actually use the recovery code? In other words will it still be required at that particular point as an additional layer of security?
0 -
When you use the recovery code, you'll get the opportunity to change your password. This does not require 2FA. You will not be accessing your data.
Once the password is changed, everything remains in place as is including the previous 2FA setup. Then if you then try to log into 1Password.com you would be prompted for the 2FA code because you'll be accessing your data.
I just ran thought this on my side in a test account to make sure nothing was missed. Please let me know if you have any questions. I think we're on the same page just coming at the question from two different directions. 😅 You've got to love this 2D world. Sometimes it gets interesting.
0 -
0
-
You're welcome.
0 -
Thank a bunch! It is here and with the correct team. :)
ref: XPQ-81286-692
0 -
What if I have a Yubikey setup for my account?
0 -
I would not expect it to make a difference with a key or a code. They are both 2FA methods for use with 1Password accounts.
0 -
So if I am incapacitated and someone they will be able to get inn without my 2FA authentication app or Yubikey?
0 -
No, the recovery code will let you change the password. However, to access the data you would need to provide the 2FA code.
Once the password is changed, everything remains in place as is including the previous 2FA setup. Then if you then try to log into 1Password.com you would be prompted for the 2FA code because you'll be accessing your data.
2FA code/key :)
0 -
Ah in that case I need to remove the 2FA / Yubikey since I otherwise will be locked out if I end up in an emergency without the key or a trusted device...
0 -
Understood. You can always disable 2FA from within the apps, if you have access.
Turn on two-factor authentication for your 1Password account
0 -
Thanks!
0 -
I'm glad you found the conversation helpful. Please let us know if you have any questions.
0
