Suggestion: add support for 2FA backup codes

Chris Messina
Community Member

I saw one other person using the Notes feature to store backup codes for 2FA logins — which is the approach I've taken. But eventually, as more services support 2FA, this feels clumsy and disorganized. While it's true that I can add arbitrary fields to 1P login entries, I wonder if it might make sense to more explicitly support backup codes in the UI?

Additionally, perhaps it'd make sense to make 1P login entries 2FA aware? I'd be very interested to be able to use 1P to both fill a password AND generate the second factor token (or receive it from my device). Is this something you could work towards, or look to integrating with another service like Authy?


1Password Version: 5.1b34
Extension Version: 4.4.3.2
OS Version: 10.10.3
Sync Type: Dropbox

Comments

  • Drew_AG
    1Password Alumni

    Hi Chris,

    Thanks for taking the time to ask us about this! To make sure I understand what you mean, when you refer to "backup codes" are you talking about codes given by websites that support time-based one-time passwords, as a sort of emergency/last resort code in case you become locked out of your account and need to disable two-step verification?

    If so, can you please elaborate on how you'd like to store those in 1Password? Instead of putting them in the notes field, you could add a custom field and label it however you'd like. You can even set the field type of your custom field (for example, set that field to "password" and it will be concealed like other password fields). If you had something else in mind, please let us know some more specifics - we're always happy to receive feedback!

    > Additionally, perhaps it'd make sense to make 1P login entries 2FA aware? I'd be very interested to be able to use 1P to both fill a password AND generate the second factor token (or receive it from my device). Is this something you could work towards, or look to integrating with another service like Authy?

    I might be misunderstanding your question, so I apologize in advance if this answer doesn't apply, but just in case you weren't already aware, the latest versions of 1Password for Mac, iOS, and Windows support Time-based One-Time Passwords - so they can fill your normal password and also generate the TOTP. We have steps to set that up in this knowledgebase article.

    If I misunderstood what you meant, please let us know. Thanks! :)

  • Chris Messina
    Community Member

    Hey Drew, thanks for your prompt reply.

    Yes, I'm talking about the emergency backup codes. Typically I'm given ~10 of these codes, and it doesn't make much sense to put all of them in one field; it'd be nice (for example) to be able to paste a line-separated list into an "emergency backup codes" field which would convert the list into a checklist. That way if I end up using one of the codes and check it off, it gets removed from the list. I guess I'm looking for a way to 1) store these codes all at once 2) be able to track which ones I've used. Maybe a feature is overkill for this, but I wanted to request it anyway.

    I also was completely unaware that 1Password supports OTP generation! WOW, that is SOOOOOO obscure and hidden! Perhaps for the more popular services (Google, Dropbox, Facebook, etc) you could call out this feature automatically? There's no way I would have found it otherwise.

    I'd also like to piggyback a request on this (since 1P does OTP generation), which is to offer an Authy-like Today Widget so I can easily access these OTPs. Having to log in to 1P to access them is really inaccessible given my typical workflow.

    Overall, I'd love to rely on 1P for OTPs, and right now the support is far too inconvenient and obscure I think to replace my existing solutions.

    Thanks!

  • Drew_AG
    1Password Alumni

    Hi Chris,

    Thanks for the clarification! I can't make any promises of course, but I can certainly let our developers know you'd like to have a feature specifically for storing your backup codes. For now, I hope storing them in a custom section with custom fields will be a suitable workaround.

    I'm glad you're excited about the TOTP feature in 1Password! It's a relatively new feature (added earlier this year) and I'm sure we can make it even better in future versions. I'll be happy to pass your feedback along to our developers.

    > I'd also like to piggyback a request on this (since 1P does OTP generation), which is to offer an Authy-like Today Widget so I can easily access these OTPs.

    That's certainly an interesting idea! Seems like that would be handy, although I wonder if there might be some security concerns there, since the "Today" screen & widgets can be accessed from the lock screen of an iOS device without unlocking it (although I realize that can be disabled). Still, it's something we could look into.

    By the way, if you use 1Password 5 on an iOS device and have the Pro Features unlocked, it can show your TOTP on an Apple Watch (if you also happen to have an Apple Watch, of course.)

    Thanks again for the suggestions and feedback, we really appreciate it! :)

  • Chris Messina
    Community Member

    Understood; just wanted to add a vote for this feature idea!

    Re: Today widget: security isn't a problem with the Authy widget as long as you lock your phone. Unless your phone is unlocked, Authy won't show the OTP codes in the Today widget:

    I don't have an Apple Watch, so the current 1P feature won't help me.

  • Drew_AG
    1Password Alumni

    Thanks Chris, I hadn't realized widgets can act differently (i.e. conceal passwords) when viewing the Today screen while the device is locked. That's really good to know, and I'm sure that makes it more of a possibility to be added in 1Password!

    I learn something new every day. :)

  • Chris Messina
    Community Member

    Yay! :)

  • littlebobbytables
    1Password Alumni

    :smile:

This discussion has been closed.