1Password account recovery plan
Comments
-
@rickfillion @brenty, I hope this makes sense:
I am happy 1Password now has two-factor authentication. A few things I really like: I don’t put my phone number in, and no recovery codes. In my opinion, they are no good for this type of stuff. Cell numbers can easily be cloned, and recovery codes, well, they are just passwords.
I have a 1Password family account, and I am the family organizer. So I am responsible for other people's accounts (keeping them active) and I am there if and when they lock themselves out. So I can’t get locked out.
My wife is also a family organizer and I think I came up with a great fail-safe system so there isn’t an “ooops” moment.
I am using Authy as my authenticator. I like it because I can sync to multiple devices (iPad, iPhone, and my MacBook). But to sync across devices, you need a password on Authy (this password encrypts your info). At first that worried me, because this password will be saved in 1Password (how can I get the password for my authentication app if I can’t get into 1Password?). I made an easily typable password for this (4-5 words) and I saved this under the “Password” category. I added the tag “prime_1Password” to it.
On my iPad I was in my 1Password app, and pulled up the starter kit login for my 1Password account. I got it ready to have a TOTP added to it.
I set up my Authy app (phone number and cell number). I logged into my 1Password account on my MacBook, on my iPhone I had the Authy app ready, and on my iPad I had my starter kit login ready. I scanned the QR code from my MacBook to my iPhone (Authy app) and on my iPad (starter kit). Did what the instructions told me, punched in the 6 digits everywhere, and I was done. I now had 2 authenticator apps with the same info. For my starter kit login, I added the tag “prime_1Password”.
Now I made sure the Authy app synced up to my other devices, and they did. So now I have 3 devices with the authenticator app on it.
I did the exact same thing for my wife, added the tag “awesomewife_1Password” to her starter kit and Authy password.
My wife and I have a joint vault called “Bills” where we put anything we both need access to.
When I got all done setting both accounts up, I added all 4 items to our shared “Bills” vault (my starter kit login, my Authy password, my wife's starter kit login, and her Authy password). So now I have it all backed up: Master Password, the Secret Key, and my authentication. I also have the password for Authy in there too. The reason I made the Authy password easily typable is that if I ever have to manually type that password, it will be easy to type.
So my wife's and my accounts should be protected from being locked out, unless we somehow lose 6 devices (it can happen). Now if AgileBits would make it so I can make my daughter a family organizer without her seeing all the vaults and billing info, that would be great ;)
0 -
That sounds like a really great setup, @prime. Thanks for sharing it.
> Now if AgileBits would make it so I can make my daughter a family organizer without her seeing all the vaults and billing info, that would be great
That's something Shiner and I discussed at length last time I was in the office. We talked about it mostly from a recovery perspective. I assume that that's what you'd like her to be able to help with?
Rick
0 -
> That's something Shiner and I discussed at length last time I was in the office. We talked about it mostly from a recovery perspective. I assume that that's what you'd like her to be able to help with?
Yes! Exactly :)
0 -
Good to see we're on the same page. :)
Rick
0 -
> I don’t put my phone number in
Can you make an Authy account without a phone number?
Last time I tried (years ago) that was required, since they use it for recovery:
0 -
@XIII yes, you need a cell number. I don’t like it, and I can turn off the syncing too. So if an attacker does get my SIM, they can’t get my 2FA.
It seems that the phone number is just to authorize a device, and as long as you don’t have the backup on, an attacker can’t get anything. I do have the backup on, with a strong password. Sadly, to sync between devices, you need the backup turned on.
I also used an email address not the same as my 1Password account on Authy.
I used to put my Google Voice number on this stuff, because no one knew what it was. Now, working for my friend's company, I use that Google Voice number.
The ideal world would be AgileBits making an authenticator app too ;) make it so there is a secret key and a password :lol:
0 -
> It seems that the phone number is just to authorize a device, and as long as you don’t have the backup on, an attacker can’t get anything. I do have the backup on, with a strong password. Sadly, to sync between devices, you need the backup turned on.
@prime: That's really helpful to know! Thank you! :)
> I also used an email address not the same as my 1Password account on Authy.
Ah, good call. Just make sure you keep track of all of that! I might have trouble. :crazy:
> I used to put my Google Voice number on this stuff, because no one knew what it was. Now, working for my friend's company, I use that Google Voice number.
Doh! :lol:
> The ideal world would be AgileBits making an authenticator app too ;) make it so there is a secret key and a password :lol:
Hmm... Not something we have plans for currently, but who knows. :)
0 -
> Ah, good call. Just make sure you keep track of all of that! I might have trouble. :crazy:
There’s an app for that, it’s called 1Password, check it out! In my Authy password category, I put the email I used for that in the notes area :lol:
> Hmm... Not something we have plans for currently, but who knows. :)
Would be a cool idea. I know you guys can make something very cool.
0 -
> There’s an app for that, it’s called 1Password, check it out! In my Authy password category, I put the email I used for that in the notes area :lol:
@prime: You're right of course, but then we're getting back into Inception territory again. ;)
> Would be a cool idea. I know you guys can make something very cool.
Honestly, I'd love push notifications in the apps. But I know that wouldn't be what everyone else wants. We'll see what makes the most sense. :)
0