Several questions - 2-step and individual website passwords

herb_greenberg
Community Member
edited December 2016 in Mac

Hoping this is the right forum to post these:

  1. If I used 2-step authentication on several accounts, do I still need them once I have signed up with 1Password? And if so, do I have to change any settings? So, for example, I use gmail's authenticator. Will there still be times that I will have to use that authenticator once on 1Password? Is that overkill - belt and suspenders?
  2. Once you have 1Password, you still have all of your individual passwords. If I let 1Password generate random passwords for those accounts, do I lose control of those passwords? What happens if I leave 1Password? How will I get into those accounts? And once in 1Password, what's the risk of just using a single password on ALL of my accounts - now that they're behind 1Password?

Thanks very much. I would guess others have had similar questions.
Herb


1Password Version: 6
Extension Version: 5.3
OS Version: Sierra/iOS 10
Sync Type: Not Provided

Comments

  • AGAlumB
    1Password Alumni

    If I used 2-step authentication on several accounts, do I still need them once I have signed up with 1Password? And if so, do I have to change any settings? So, for example, I use gmail's authenticator. Will there still be times that I will have to use that authenticator once on 1Password? Is that overkill - belt and suspenders?

    @herb_greenberg: This is a great question, and at least part of it isn't something I've seen asked before: You should still use 2-step authentication where available, and there are a few things to consider.

    1Password actually supports the TOTP standard, which I use for my Google accounts, so it can generate the codes for these — functionally the same as Google Authenticator, and much more secure than using SMS. You just need to add the "secret" to your login item:

    Use 1Password as an authenticator for sites with two-factor authentication

    Once you have 1Password, you still have all of your individual passwords. If I let 1Password generate random passwords for those accounts, do I lose control of those passwords?

    Nope! Your accounts are your own. We never have access to your data, which is encrypted using your Master Password, which only you know.

    What happens if I leave 1Password? How will I get into those accounts?

    You own your data. If you don't pay, you can still access it. We won't lock you out. And if you want to move to another password manager, you can export your data from 1Password to take it there.

    And once in 1Password, what's the risk of just using a single password on ALL of my accounts - now that they're behind 1Password?

    To be perfectly clear, 1Password can only protect the data it has. It cannot protect your data stored in your accounts on the websites themselves — for example, your password. So if a website is breached and your password is stolen, 1Password can't prevent it from being used. That sounds pretty dire, but the benefit of using 1Password is that you can use a long, strong, unique password for each website, so that one breach doesn't give someone access to multiple accounts with that same password. The damage is limited to a single affected account.

    Thanks very much. I would guess others have had similar questions.

    Any time! I hope this helps. Be sure to let me know if you have any other questions! :)

  • herb_greenberg
    Community Member

    Brenty, thank you very much. Very helpful. The more I work with this, the more intuitive, easier it gets. One follow-up and one comment:

    Follow-up: On the 2-step, are you saying that if you have 2-step already installed, you would STILL create a OTP on top of that using 1Password? It's not clear from the tutorial. Does that mean you would have an outer wall, as well? Is that necessary? So, on Gmail I use the authenticator. Would I then want to make sure I have your OTP on top of that - go thru the process in the tutorial? Or can that be used INSTEAD OF the native site's 2-step?

    Additional comment: I noticed on iOS, when using Exchange for my Google Apps mail I still needed to use Google's special app password - not one password. And this was ONLY on iOS, not in the OS. It would have been nice to see that in the iOS section as a tip. Stopped me in my tracks for a while until I figured it out.

    Thanks, again!

  • AGAlumB
    1Password Alumni

    Brenty, thank you very much. Very helpful. The more I work with this, the more intuitive, easier it gets.

    @herb_greenberg: I'm glad to hear it! Ultimately we'd like to have less of a learning curve, but at the same time we want 1Password to be powerful enough to be useful to you even after you've mastered it. We appreciate any feedback you might have!

    One follow-up and one comment:
    Follow-up: On the 2-step, are you saying that if you have 2-step already installed, you would STILL create a OTP on top of that using 1Password? It's not clear from the tutorial. Does that mean you would have an outer wall, as well? Is that necessary? So, on Gmail I use the authenticator. Would I then want to make sure I have your OTP on top of that - go thru the process in the tutorial? Or can that be used INSTEAD OF the native site's 2-step?

    Man, this is confusing! I'll see if I can explain it. When you use Google Authenticator, it generates a one-time password for you to log in to websites, whether it be Google, Dropbox, or others. What I'm saying (or, trying to, heh) is that 1Password can act as a TOTP client like the Google Authenticator app to generate these codes for you. That way you can store the TOTP secret securely in 1Password instead of using a separate app which isn't particularly secure. So if you're already using TOTP for Google, the only thing that changes is that 1Password generates the code for you instead of another app.

    Additional comment: I noticed on iOS, when using Exchange for my Google Apps mail I still needed to use Google's special app password - not one password. And this was ONLY on iOS, not in the OS. It would have been nice to see that in the iOS section as a tip. Stopped me in my tracks for a while until I figured it out.
    Thanks, again!

    I'm not sure I understand. I used to use Exchange with my Google accounts for push email support years ago, but I thought they discontinued that. So I think you're probably referring to something else. And "app passwords", as I understand from my own experience, are used for apps that don't support TOTP for login when your account is set up to use TOTP.

    Ultimately all 1Password does is securely store information for you, and then it can also fill Logins, Credit Cards, and Identities on websites. So it sounds like what you're describing may be a Google/Exchange issue quite unrelated to 1Password...but I'm happy to learn something new whether I'm right or wrong about that, so let me know! :)
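
An added illustration of the point in the reply above (not part of the original thread, and not 1Password's or Google's code): a TOTP code is derived only from the shared secret and the current time, so any client holding that secret produces the code the site expects. The secret is the published RFC 4226/6238 test key; the function names and the plus/minus one slice drift window are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret: the published RFC 4226/6238 test key, Base32-encoded
# the way a site shows it (or embeds it in a QR code) during 2-step setup.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time, digits=6, step=30):
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on the secret and the clock."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = int(unix_time) // step                    # 30-second time slice
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                             # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def site_verifies(secret_b32, code, unix_time, window=1, step=30):
    """Server-side check: accept the current slice plus/minus `window` for clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        when = max(0, unix_time + drift * step)         # never go before the epoch
        expected = totp(secret_b32, when, step=step)
        ok |= hmac.compare_digest(expected, code)       # constant-time comparison
    return ok


def demo(now=59):
    # Two different clients that were given the same secret at enrolment
    # (hypothetical names: a standalone authenticator app and a password manager).
    standalone_app = totp(SECRET, now)
    password_manager = totp(SECRET, now)
    accepted = site_verifies(SECRET, password_manager, now)
    return standalone_app, password_manager, accepted


if __name__ == "__main__":
    print(demo())
```

Because the secret alone is enough to mint valid codes, it needs the same protection as the password itself, wherever it is stored.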

  • herb_greenberg
    Community Member

    Thank you! Last question on TOTP: If you install 1PW's TOTP would it then be logical to turn off all other 2-step authentications? In other words, 1PW's would be your go-to TOTP?

  • AGAlumB
    1Password Alumni

    @herb_greenberg: You're still using the TOTP for the account (Google, Dropbox, etc.), only 1Password is generating the code for you instead of another app. 1Password itself doesn't have a TOTP code. It's just helping you secure them for your accounts, like it does usernames and passwords. Definitely don't disable TOTP. :)

  • herb_greenberg
    Community Member

    Will give it a whirl. Thanks!

  • AGAlumB
    1Password Alumni

    Any time! Cheers! :)

This discussion has been closed.