Sendgrid requires Authy for 2fa, can I use 1password instead?

I think the subject pretty much says it all. I got an email from sendgrid today saying I have to enable 2fa by december. When I read the instructions, they either support Authy (never heard of it before this), or SMS. I would prefer to use 1password for convenience since I log into sendgrid a lot and I already have a really secure password.

I can find articles that tell me how to use authy as the 2fa for my 1password account password, but nothing on how to use 1password instead of authy for a site.

Thx


1Password Version: 7.6.785
Extension Version: Not Provided
OS Version: Win 10
Sync Type: 1password family

Comments

  • ag_yaron
    ag_yaron
    1Password Alumni
    edited October 2020

    Hey @gveres ,

    One-time codes are a standard security measure with open sourced code, so there are a lot of apps out there that can function as your authenticator app. One of them is Authy. The most known and common one is Google's Authenticator.

    1Password itself can function as your authenticator app, so no need for Authy or Google's Authenticator though, which makes things so much easier. Here's how to add 2FA of a website in 1Password: https://support.1password.com/one-time-passwords/#to-save-your-qr-code-in-the-apps

  • gveres
    gveres
    Community Member

    Hi @ag_yaron

    I am aware and use 1password for 2fa with a bunch of sites. But Sendgrid doesn't seem to provide a qr code. So I am not sure how to configure 1password to be the replacement for authy.

  • ag_yaron
    ag_yaron
    1Password Alumni

    @gveres ,

    QR code is one way to add the 2FA secret to your authenticator app (in this case - 1Password). The other way is to manually copy the secret, which is usually a long random string of characters, create a new one-time passcode field in your 1Password app and paste the secret there. Here's how:

    1. Enable 2FA in your account on the website. Most websites will give you a QR code to add to your authenticator, but this website will probably show you a secret that you need to add to your authenticator. Copy that secret.
    2. Open your 1Password app and select the login entry of this website, then click on "Edit" to enter edit mode.
    3. Under the username, password and website URL fields you'll see some empty fields you can fill manually. Select one of the empty fields, click the plus icon on the right of it and change the field's type from "Text" to "One-time passcode".
    4. Paste the secret into the empty field and click on "Save" to save the changes. 1Password will start generating 2FA codes for you immediately.
  • gveres
    gveres
    Community Member

    Ok, unfortunately SendGrid must be doing a very tight, non-standard integration with Authy. What they provided was not a secret, it was a 5 digit pin and a phone number(my configured phone number). It doesn't look like they provided a secret to me at any point.
    I assume at this point I am stuck with the clunky workflow of starting up Authy to get the code.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @gveres ,
    I tried signing up for a free account there to test it but wasn't successful without contacting their support to confirm my test account.

    Any chance you can provide a screenshot of what the 2FA setup page looks like? You can censor out any personal info in the screenshot, or you can send it to me via email if you prefer (to support+extensions@1password.com, just add a link to this forum discussion in the email's body).

  • Hey @gveres. I wanted to circle back on this one. There is the occasional site where they've chosen not to use the standard time-based one-time password algorithm and instead opt for the proprietary Authy. SendGrid is one of those, so you won't be able to use 1Password for your two-factor authentication currently. We have an open feature request for looking into extracting Authy secrets for use in 1Password, but I can't offer any guarantee when or if we'll be able to look into this or if it's even a possibility — but I'll let the team know you've run into this and would like to see it.

    In the meantime, you'll have to use Authy, and if you feel so inclined, I'd suggest reaching out to SendGrid and expressing your desire for a standard TOTP implementation. :smile:

    ref: dev/projects/customer-feature-requests#377

  • gveres
    gveres
    Community Member

    Thanks @ag_michaelc yea, it definitely looks like a proprietary approach. Even their TOTP is only 6 digits instead of 9.
    I will submit a request to SendGrid.

  • You're very welcome. Happy to clear things up. Cheers!

  • LosInvalidos
    LosInvalidos
    Community Member

    It is really a shame that companies like SendGrip are pushing proprietary OTP mechanisms. Makes me wonder why. Will also reach out to them :angry:

  • ag_yaron
    ag_yaron
    1Password Alumni

    That's a great idea @LosInvalidos .
    The more users complain, the better the chances that they'll turn things around. :+1:

  • gveres
    gveres
    Community Member

    @maximepvrt Thanks I will try that out. Unfortunately, I am on windows using 1password. :(

  • Nhat_Nguyen
    edited November 2020

    Hello @maximepvrt,

    Thank you very much for the link, it is interesting, and I would like to try it on Windows for @gveres. However, maybe Authy changed the port or something since I can't use "--remote-debugging-port=5858" in the Target field. It always throws the "Target box is not valid" message. If you have any hints or information on the issue, it would be wonderful.

  • maximepvrt
    maximepvrt
    Community Member

    I used this code for mac only sorry. Now I can login to sendgrid 2FA with 1password 😍

  • Nhat_Nguyen
    edited November 2020

    Hello @maximepvrt,

    Thank you for getting back. It is great to know that there is a way to convert Authy to otpauth:// URI. It would be helpful in case another tech-savvy Mac user want to try converting Authy to 1Password.

  • corina
    corina
    Community Member

    Hi @ag_michaelc, @ag_yaron and the team!
    It would be really nice to be able to use 1pass on sendgrid. Do you have any good news on this?

  • Hey @corina. I do not have anything new to share on this front, I'm afraid. Thanks for checking on this. :smile:

  • corina
    corina
    Community Member

    Thanks @ag_michaelc! Do you know when you'll have the feature to extract the Authy secrets for use in 1Password?

  • ag_ana
    ag_ana
    1Password Alumni

    I am afraid we don't have updates to share yet @corina, sorry!

  • pvalois
    pvalois
    Community Member

    Really shady tactic from Twilio who own both Sendgrid and Authy...

  • [Deleted User]
    [Deleted User]
    Community Member
    edited October 2021

    @pvalois Authy supports two types of 2FA token: Authenticator Tokens which comply with the TOTP standard and Authy Tokens which are non-standard and Twilio specific.
    Twilio offers Authy for free because it provides 2FA back-end services to websites and the Authy Tokens allow them to offer websites push notifications and other services which are not supported by the TOTP standard used by authenticator apps, 1Password, etc.
    Authy Tokens are not provisioned with a shared secret transferred by QR code or manual entry code. The user's phone number is used as an identifier to link their account on a website with their Authy account on Twilio's servers. So I don't think we will ever see support for this within 1Password.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Indeed, @rootzero is right.

    While we do have this issue filed internally, it is considered low priority and probably won't make it into our to-do list anytime soon.

This discussion has been closed.