About Two Factor Authentication
Hi!
I have been using 1Password for years and I'm trying to use 1Password account for my family maintaining my 1Password local vault. I have seen that 1Password supports Two Factor Authentication and I have discovered Authy Whitch I didn't know anything about it and Duo also.
What would you recomment Google Authenticator, Authy, Duo? Whitch is more secure? What is your opinnion? Could you please explain more about that?
With regards,
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
I’ve used them all and Authy seems the best. All are secured and do the same thing, but Authy just seems nicer.
0 -
Hi @juan
Duo isn’t available for 1Password Families accounts. You can read more about Duo here:
https://support.1password.com/duo/
As for Google Authenticator vs Authy for TOTP we don’t have a recommendation of one over the other.
Thanks!
Ben
0 -
Thank you very much for your reply @Ben
Could you explain a little bit the difference between Authy and Duo?
I have discovered that 1Password also supports saving two factor authentication passwords reading the 1password support page.
I think that a secure idea is for example saving the 2factor authentications for accounts in 1password and saving the 2factor authentication of 1password in Authy. I think this is so good because 1pass have the strongest security to save them.
So, the inconvenient is that Google authenticator is only in your smartphone and 1password is on all devices, so if 1password compromised the password and temporal password are compromised.
What do you think about my reflexions?
With regards,0 -
Could you explain a little bit the difference between Authy and Duo?
Authy and Duo are quite different from one another. Authy is more similar to Google Authenticator in that it's generally only used an app to store TOTP secrets in order to generate one time passwords for apps and websites.
Duo on the other hand is a much larger multi-factor authentication system. When a company enables Duo for 1Password and you get prompted for a second factor, you generally ask Duo to send your phone a push notification which you approve or deny within their app.
I think that a secure idea is for example saving the 2factor authentications for accounts in 1password and saving the 2factor authentication of 1password in Authy. I think this is so good because 1pass have the strongest security to save them.
This is a good approach.
Rick
0 -
If I move from stand alone to subscription, and that's by no means a given at this point, I would of course enable two factor authentication for my account. However, can I only set up one code generator? I use yubikey on my home laptop but the machines at my university have USB disabled and my phone obviously doesn't have USB, so I also have my accounts set up in Authy. Can I set up both methods in 1PW? Also where can I read about the pros and cons of using my password manager as my 2FA code generator for my other accounts? It feels like putting all the eggs in one basket. An attacker would only have to breach my password manager - one thing - instead of my password manager and code generator - two things.
0 -
If you write down the 2FA generation code you can use that in as many 2FA Apps as you want.
0 -
Yep, XIII is spot on.
Ben
0 -
So yubikey + authy and I can use either?
0 -
You could, yes.
Ben
0