I have decided to strengthen my security but am confused setting up multiple devices

dgraves
dgraves
Community Member

I have a family account (two users, one vault) with 149 logins from a Win PC, an iMac, two iPhones and an iPad.I have setup 1Password using strong, unique passwords. My confusion lies in the system architecture for 2FA. How can I set it up so that each device can access a 2FA enabled login for each login? Question One. Is the 2FA setup account level (e.g. Amazon) or device level (e.g. iPhone 1) ? Question Two Must all devices use the same 2FA setup (e.g. Authenticator App versus Security Key)? Question Three: Given the answers to questions one and two, there seems to be a "best practice" system architect that minimizes keystroking and app swaps to use the 2FA setup on a daily basis. Ease of use, minimizing keystroking and app swap, reduces the end-user training and "home tech support" required to manage the process.
My thought is a 5ci Yubikey for each user (two identical 5ci Keys) and a USB C to A adapter. I am not sure how to set up1Password, account 2FA, and an authenticator.
Please help me plan the migration.


1Password Version: 7.4.753
Extension Version: 4.5.7.90
OS Version: Win 10 Ver 1909,
Sync Type: ???
Referrer: forum-search:2fa How to setup family multi device 2fa

Comments

  • ag_ana
    ag_ana
    1Password Alumni
    edited August 2020

    Hi @dgraves!

    Question One. Is the 2FA setup account level (e.g. Amazon) or device level (e.g. iPhone 1) ?

    It's at the account level: you activate 2FA for your Amazon account, regardless of what or how many devices you use.

    Question Two Must all devices use the same 2FA setup (e.g. Authenticator App versus Security Key)?

    Because 2FA works at the account level, it's not a matter of device. If you configure 2FA for Amazon using an authenticator app, you will need an authenticator app to login. If you configure 2FA on Amazon using a Yubikey, you will need to use that Yubikey when you login, no matter the device.

    Question Three: Given the answers to questions one and two, there seems to be a "best practice" system architect that minimizes keystroking and app swaps to use the 2FA setup on a daily basis. Ease of use, minimizing keystroking and app swap, reduces the end-user training and "home tech support" required to manage the process.

    I am not sure what the question is here? But if I understood it correctly, you could also use 1Password itself for your 2FA codes, if you are looking for the quickest way ;)

    My thought is a 5ci Yubikey for each user (two identical 5ci Keys) and a USB C to A adapter. I am not sure how to set up1Password, account 2FA, and an authenticator.

    If you use a Yubikey to protect one of your online accounts, 1Password does not to do anything, you configure Yubikey authentication directly on the website, and then you will have to use the Yubikey each time when you login to that account.

    In summary:

    • You configure 2FA for each of your websites, directly on the website
    • If you want to use 2FA without a Yubikey, you need an authenticator app (or you can use 1Password for this too, if you prefer)
    • If you want to use 2FA with a Yubikey, you configure all this directly on the websites where you have a Login, 1Password would not play any role here
This discussion has been closed.