Future 1Password ability to automate two step security?
I wonder if 1Password is working on possible ways to assist users with two step security. At present, each time a web site implements two step security by sending a one time code I have to open my phone or email and manually copy across the security code.
I wonder if 1Password could develop a facility that would allow me to give a special phone number or email address to my web sites, associated with my 1Password account only, that would send the two step security codes to a secure AgileBits cloud server. Then I could go to a web site, click my browser icon enter my ID and password, and wait a few seconds for my login item to flash that the one time security code had been received. Then I could click my login item again to have 1Password fill the security code box.
I don't know whether this is feasible, but it would certainly be helpful. Presumably, even if someone got ahold of my special AgileBits cloud phone number or email address they could not access my two step security codes unless they also had my 1Password master password.
Comments
-
Hi @fourwheelcycle ,
Well, it just so happens that in the 5.3 update for 1Password for Mac, we introduced support for time-based one-time passwords, which are used for two-step verification. It is important to note that storing your one-time passwords inside 1Password does not provide true two-factor authentication. Our security guru has more details on what this new feature means for 1Password users here: TOTP for 1Password users.
You can learn how to add your one-time passwords to 1Password in our User Guide.
I hope this helps, but if you have any further questions, we're here for you!
0 -
Hi Megan,
OK, I saw that announcement, but I misread it. I thought it was announcing a new feature for people who want to use time-limited passwords, with a reminder from 1Password when it is time to generate and save a new login password. I guess you can't save people from their own inability to read announcements.
Even after reading the User Guide I can't quite understand how this would work, but I'll try it the next time I login to one of my sites that requires a one time password.
0 -
Hi @fourwheelcycle,
The TOTP we support is a little different than what you describe with the phones and text messages. The technology is similar, except that it's standardized such that the website can give you your TOTP secret (in the form of a totpauth:// url or a QR code). Once you have that secret, and an app (like 1Password) that knows how to act upon it, you can generate your own TOTP values instead of having the server generate them and text message them to your phone. This way when the website asks you for the 2nd factor you don't need to wait for the text message. Since both you and the server have the same shared secret, you'll both be generating the same code, and they'll verify what you input against their own value.
I hope this helps.
Rick
0 -
To AgileBits,
I checked the four web sites I use most frequently that now offer or require two-step login security - Eastern Point Trust, Bank of America, Vanguard and Turbotax. As far as I can tell (often I can't tell very far!) none of these sites offer a way to work with 1Password's new TOTP feature. They only offer to send a one time security code to my email or send a text to my cell phone number.
So, unless I don't understand AgileBits' new feature or the security options of the four web sites I have noted above, what would really help me, and presumably other 1Password users, is the type of two step security facility I described in my original post.
0 -
Hi @fourwheelcycle ,
Unfortunately there are some implementations of two-step verification that we don't support right now, and it seems like you have found a few of them in the sites you listed.
For now, a website needs to have the option to display a QR code or provide a totpauth:// url in order for the one-time password to be stored in 1Password. Of course, this is a brand new feature in 1Password, and we'll do what we can to make it even more convenient in the future.
Please let us know if you have any further questions!
0
