🔓 Introducing Recovery Codes - Now Available!
Comments
-
I keep my Emergency Kit (which was generated when I signed up for 1Password) in a safe place now. Would you recommend having the Recovery Code in the same place, or is that redundant? Is the idea that this goes in a different safe place, or is it useful together?
0 -
That would be a highly personal decision. As for me, I keep the Emergency Kit and the Recovery Code with other important papers. A casual observer of my papers would not easily associate the two with one another.
There could be a reason where I need the Secret Key, and the Emergency Kit will give me that. If you've stored your password on the Emergency Kit, you can retrieve it from there if necessary. I think there is value in having ready access to both. My personal needs may not be the same as yours.
I typically think of my Emergency Kit as my first line of defense and the Recovery Code as my last (fail-safe) resort. I also have an additional family member who could assist me with account recovery if needed. For me, my levels of use are as follows:
- The steps below could be highly fluid, depending on the situations encountered.
- Emergency Kit.
- Account recovery from a family member.
- Recovery code.
The most important thing is to ensure they are stored safely and securely, allowing you access when needed.
2 -
I feel like the Recovery code will make accounts much less secure and easily compromised if an attacker were to get a hold of it. Now, I think this makes it important to enable 2FA which didn't seem as important before because with the Emergency Kit, they would need the code plus master password which was essentially a form of 2FA. Now, if we enable 2FA, we'll need to set up a family member to be able to reset it. Things just got more complicated in my opinion, correct me if I'm wrong.
0 -
Recovery codes are designed to be safe and secure. A recovery code by itself isn't enough to access your account if it is found; identity verification using the email address associated with your 1Password account is still required. In contrast, a copy of your password and Secret Key - if stored together - could immediately be used to access your account, so there is a much greater need to protect a copy of these credentials than a recovery code.
Adding identity verification into the mix in addition to the existing knowledge factors is designed to make it easier to balance safe-keeping with accessibility in an emergency.
-Dave
0 -
Question, what is the font used for the 1Password recovery code? The reason I ask is that I printed it out, now entering into a secure note - but I can't figure out what is a zero and what is a letter. For instance, the "Q" looks exactly like the letter O and a zero.
0 -
Thanks for the update. I just created a new code but will be sure to change font next time on the printout.
0
