What MFA token for non-technical family to protect 1Password account
I have a catch-22 when advising my non-technical family members how to protect their 1Password account.
I have them using 1Password as the MFA code generator for accounts that support it. However, I'm not sure what to advise them to use to protect their 1Password account itself.
Clearly 1Password can't be its own MFA token, because there would be no way to bootstrap logging in if there were no existing authenticated devices.
Personally I use a Yubikey, but I'm not going to ask my family to obtain and keep up with Yubikeys simply to protect a single login.
I'm curious what other users are doing in this case, and what 1Password advises?
1Password Version: 1Password for Mac 8.10.44 (81044034)
Extension Version: Not Provided
OS Version: macOS 15.1
Browser: Safari
Comments
Hello @zcutlip! 👋
Thanks for the question! You're right that your family members shouldn't store their one-time password for 1Password inside of 1Password; that would be like keeping a key for a safe inside of the safe. Most users will use another authenticator app to store the one-time password for their 1Password account:
- Authy
- Microsoft Authenticator
- Okta Verify
- Google Authenticator
You can read more here: Turn on two-factor authentication for your 1Password account
That being said, your 1Password account isn't like other accounts that are only protected using a password that could potentially be reused somewhere else. To access your 1Password account an attacker would need both your account password and a unique Secret Key. And, since 1Password uses Secure Remote Protocol (SRP) to make sure that your account password never leaves your device, there is less risk of anyone being able to get their hands on it: How Secure Remote Password protects your 1Password account
Since your 1Password account is already protected by your account password and Secret Key, it's not obligatory to enable two-factor authentication for your 1Password account. Whether or not your family members use two-factor authentication for their 1Password account is up to their personal threat model.
-Dave