Improve the recovery code backup process

nicos18
nicos18
Community Member
edited August 2024 in Unlock with passkeys

Hello,

I have feedback for improving the recovery code backup process.

When creating a recovery code, it asks the user to save a copy of that code in a location of choice.

The fact is that if a user doesn't have a copy of the recovery code anymore, the only way to get another copy is to replace the recovery code entirely.

In both 1Password website and apps, a user can reveal the secret key and copy as plain text (in 1Password website a user can also download the emergency kit again).

While for the recovery code, both in 1Password website and apps a user can only delete it or replace it; in 1Password apps, for example, the recovery code is shown only partially, and it can't be copied to paste in a txt document, just for example.

I think that this should be addressed.

Thank you.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Dave_1P
    Dave_1P

    Hello @nicos18! 👋

    Thank you for the feedback! If you lose your recovery code then I recommend that you generate a new one so that you ensure that an active recovery code doesn't fall into the wrong hands.

    Can you tell me a little more about a scenario where you've misplaced your recovery code but just want to reveal it again rather than generating a new code? Why not just generate a new recovery code which will invalidate the existing recovery code?

    -Dave

  • nicos18
    nicos18
    Community Member

    @Dave_1P

    Can you tell me a little more about a scenario where you've misplaced your recovery code but just want to reveal it again rather than generating a new code? Why not just generate a new recovery code which will invalidate the existing recovery code?

    A scenario could be when creating a recovery code and somehow the file is not saved on the device, for example.

  • Dave_1P
    Dave_1P
    edited October 2024

    @nicos18

    Thank for the reply. When you create a recovery code, after the recovery code is saved to your device or printed out, 1Password will ask you to confirm your recovery code by typing it in. This is to make sure that you have a copy of your recovery code accessible to you, that you have self-custody of the recovery code. If you don't save or print the recovery code then an error message appears and you can't finish creating the recovery code without first saving your recovery code and then typing it back into the recovery code creation prompt:

    image

    If you create a recovery code and then misplace it then I recommend that you replace it by generating a new recovery code. This will invalidate the old misplaced recovery code.

    -Dave

  • nicos18
    nicos18
    Community Member

    @Dave_1P

    I created my recovery code before this verification was introduced.

    To test it, I should delete and create a new recovery code, correct?

  • Dave_1P
    Dave_1P

    @nicos18

    Correct, you would follow the replace recovery code process outlined in our guide: Generate and use recovery codes

    Let me know if you run into any issues.

    -Dave

  • nicos18
    nicos18
    Community Member

    @Dave_1P

    Thanks for confirming.

  • Dave_1P
    Dave_1P

    I'm happy to help! 🙂

    -Dave