
Recovery Codes & Security Protocol

bear67512
Community Member
edited August 13 in Memberships

Hi all, I am a bit of a paranoid person here, but I would like to ask: I understand there is a recovery code option, but I dare not select it for fear of, I don't know, losing it etc.

I printed out the secret keys and have the passwords written onto them, stored one of them in icloud.

Can anyone walk through with me the best practices concerning the setup and maintenance of recovery codes for 1Password? Would be most grateful.

ps. Do you use your security keys besides on 1Password? Do you encrypt the pdf stored in iCloud?

Kind regards.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: mac sonoma
Browser: Not Provided

Comments

  • Hello @bear67512! 👋

    Thank you for reaching out! Recovery codes enable you to recover (hence the name) access to your 1Password account in case you lose your Secret Key or account password. You can read more about recovery codes here:

    Recovery codes are safer than saving a copy of your password and Secret Key because a recovery code by itself isn't enough to access your account if it is found; identity verification using the email address associated with your 1Password account is still required. In contrast, a copy of your password and Secret Key - if stored together - could immediately be used to access your account, so there is a much greater need to protect a copy of these credentials than a recovery code. Adding identity verification into the mix in addition to the existing knowledge factors is designed to make it easier to balance safe-keeping with accessibility in an emergency.

    While it's okay to store a copy of your Secret Key in iCloud (ideally by storing your Emergency Kit), I wouldn't store your account password along with it since anyone who gets access to your iCloud account and finds your Secret Key and account password will then be able to log in to your 1Password account. Your account password should be memorized rather than saved to your iCloud account.

    You can store your recovery code in iCloud; even if someone finds it, they'll still need access to your email address to access your 1Password account. I would also print out and store a physical copy of your recovery code somewhere secure like a personal safe. I hope that helps.

    -Dave

  • bear67512
    Community Member

    Hi Dave,
    Thank you for your thoughtful reply. I appreciate it. I am ignorant in this field and can I confirm with you if the following checklist is suitable to check if things are watertight?

    Example.
    1. Email address (is Proton email/Google mail or Outlook mail a more secure option?)
    2. Ensure 2FA is set up (physical keys (make sure there are three; and OTP for each key))
    3. Print out 2 copies of secret keys and password (one in a physical fireproof safe; two other locations)
    4. Keep 1 other copy in the cloud, PDF encrypted
    5. Monitor by logging on to the 1Password website to check on login items
    6. Set up recovery code
    7. Test email recovery under number 1.

    Does that sound robust?

    Kind regards,

  • ag_tommy
    edited August 13

    @bear67512

    1. You can elect to use whichever email provider provides the options you need most. Myself, I prefer iCloud as I live in the Apple ecosystem. Your needs may vary.
    2. 2FA I suggest for all accounts that support the option. It is a purely personal decision on using 2FA for 1Password. Some users prefer the added security and others prefer to let the Secret Key and password do the work for them.
    3. I use the old adage from when I used to climb rocks and go rappelling. That is, 3 anchors will bring you home. I keep one locally, one at a relative's and one in a safe deposit box. All are kept in fireproof safes at the respective locations.
    4. You can opt for this. I have a family account with multiple owners so one of them can facilitate recovery for me. So I do not use this option.
    5. I'm not entirely sure what you are referring to. If you're asking about linked devices, you'll get an email notification of new device linkings. That said, it is a great idea to always keep a close eye on your security.
    6. YES. Do this. I have even with my multiple owners who could handle account recovery.
    7. Ensure your email password is stored outside of 1Password. If you need to log in to access it you may need the password. If it's locked in 1Password and you need recovery you'll be in a catch-22.

    I know my 1Password account password and email account password. Other than this 1Password handles everything for me.
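
The storage advice in this thread can be checked mechanically. The following is an added example, not part of any post and not 1Password code: a simplified Python model of the two access paths described above (account password plus Secret Key, or recovery code plus email verification). It ignores 2FA and family-organizer recovery, and the function names, location names and sample layouts are constructed for illustration.

```python
# Simplified model (assumption): an account opens with password + Secret Key,
# or with a recovery code + access to the account's email address.
ACCESS_PATHS = [
    {"account_password", "secret_key"},
    {"recovery_code", "email_access"},
]

def grants_access(held):
    """True if the held items satisfy at least one access path."""
    return any(path <= set(held) for path in ACCESS_PATHS)

def risky_locations(storage):
    """Locations whose compromise alone is enough to open the account."""
    return sorted(loc for loc, items in storage.items() if grants_access(items))

def can_regain_access(storage, memorized, forgotten=()):
    """Can the owner get back in using surviving copies plus memory?

    'email_password' only yields 'email_access' if it is memorized or stored
    outside the password manager (the catch-22 from the last reply).
    """
    held = set(memorized) - set(forgotten)
    for items in storage.values():
        held |= set(items)
    if "email_password" in held:
        held.add("email_access")
    return grants_access(held)

# Constructed layouts: the one from the first post, and the one advised in reply.
ORIGINAL = {
    "icloud_pdf": {"secret_key", "account_password"},
    "printout": {"secret_key", "account_password"},
}
ADVISED = {
    "icloud": {"secret_key", "recovery_code"},
    "home_safe": {"secret_key", "recovery_code"},
}

if __name__ == "__main__":
    print("single points of compromise (original):", risky_locations(ORIGINAL))
    print("single points of compromise (advised): ", risky_locations(ADVISED))
    # Owner forgets the account password; the email password is memorized.
    print("recoverable, email password memorized:",
          can_regain_access(ADVISED, {"account_password", "email_password"},
                            forgotten={"account_password"}))
    # Same loss, but the email password lives only inside 1Password.
    print("recoverable, email password only in 1Password:",
          can_regain_access(ADVISED, {"account_password"},
                            forgotten={"account_password"}))
```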