Recovery codes for 1Password 2-factor auth

@lookingforentropy - we don't support backup codes for 2FA in 1password.com accounts. Our Chief Defender Against the Dark Arts, jpgoldberg, runs down the reasons for that in this post from back in September:

1. The single biggest reason is that we are desperately trying to get people to make backups of their Secret Keys. We don't want to dilute that message in any way whatsoever, and giving people something else they should save would be diluting it.
2. The Secret Key is confusing enough on its own, and we don't want to make it easier for people to think that they have it backed up when all they really have are TOTP backup codes.
3. TOTP back up codes don't really add a lot of value. So we aren't really losing much by not offering them. Sure, it isn't a lot of fun when people write in to tell us that they've lost their TOTP secret, but we can get those sorted out. (And as unfun as that process is, it is a picnic compared to when people write in saying they have lost their Secret Keys.)
4. There are (easy?) alternatives to TOTP backup codes. If you want a back up mechanism for TOTP just save the TOTP long term secret or QR code some place. You have ways other than backup codes to back up your TOTP access (which is the one thing we can reset anyway. (Some apps make it hard to do this; others make it easy.)

That last one is the most-salient one for you, if you're worried about losing your 2FA app/device/secret: take a screenshot of the QR code you're showed when you first activate 2FA on your 1Password account. You can keep it anywhere you like, printed or saved as an image or PDF file, in case your authentication secret is lost. And if all else fails, as jpgoldberg alludes to, you can get in touch with us and we can help get you sorted out in most cases. Hope that's helpful.

@lookingforentropy - thanks for the kind words about the Secret Key; we're pretty happy with that feature too! I'm glad to see you thinking proactively about how to safeguard your account, not only via encryption and authentication, but also by making redundantly sure you'll be able to access your data. The most-secure files in the world aren't worth much to you if you can't open them yourself. ;)

To answer your question regarding lost access to a 2FA secret or authenticator app/device, there's a few methods we can help with. The first (and often, successful) one is: do you have any devices (apps) or browsers available on which you've previously authenticated with 2FA? Remember, in 1Password accounts, only the first sign-in on any device after enabling 2FA for the account requires 2FA. Subsequent unlocks from the same device will not prompt for 2FA, and that means often an existing browser can be used to sign in with only the Master Password, after which the user themselves can turn off 2FA.

We also will in some cases ask a series of verification questions about the account that only the user would know, which can vary depending on individual circumstances and type of account. There's a bit more to it than that, but that's why I say we can help in most cases -- because each individual situation is slightly different.

:) :+1: