Logging into 1PW in an EMSEC Environment
I may have a bit of a fringe case here, but I'm wondering if there is a way forward I'm not seeing.
So I've recently gotten on board with 1PW and I've migrated all my data into my Vault. While doing that I'm taking the opportunity to reset all my password, setup 2FA wherever I can, basically doing a whole security overhaul.
Now to the crux of the issue, I work in a high security environment, basically, no personal phones allowed, no smart devices of any kind, strictly controlled networks, can't install any of my own software, but we are allowed to have our personal account logged in on our we browsers so we can get our personal email, Facebook, stuff like that.
The problem I'm having is getting into my 1PW to get my passwords. How I used to do this is to write 1 or 2 of my backup codes with me and take them into the office where I could bypass 2FA and get onto my accounts. But since 1PW doesn't use one time codes, I'm haven't a bit of trouble.
Is there an obvious way around this I'm not seeing?
TIA
Comments
-
Hi @Covakel!
The problem I'm having is getting into my 1PW to get my passwords. How I used to do this is to write 1 or 2 of my backup codes with me and take them into the office where I could bypass 2FA and get onto my accounts. But since 1PW doesn't use one time codes, I'm haven't a bit of trouble.
Just wondering: are you allowed to bring a personal security key at work? If you are, you could configure 1Password to ask you for your key instead of your TOTP codes:
Use your U2F security key as a second factor for your 1Password account
0 -
@Covakel Would you be allowed to take in a programmable hardware token? These are a hardware replacement for time-based one time password (TOTP) authenticator apps. They can be programmed with the long term secret and include a display, so they don't need to be connected to your computer systems.
0 -
Would you be allowed to take in a programmable hardware token?
Yes as long as the device didn't have any kind of transmitter or receiver.
@ag_ana if I disable 2FA on my account, then go into my office, login, the re-enable 2FA, will it maintain my session or will it kick me out?
Seems like this would be a good reason to have 1 time backup code. Even if 1PW just generated 1 at a time for a specific use.
0 -
if I disable 2FA on my account, then go into my office, login, the re-enable 2FA, will it maintain my session or will it kick me out?
I think you would have a different issue: because at the moment not every 1Password app supports hardware keys, activating an authenticator app is a required step when you enable 2FA. You can always choose to use a hardware key, but in case you want to use 1Password on a device that does not support hardware keys, you would be able to login with a TOTP code in that case.
But this means that if you try to enable 2FA at the office, you would be prompted to enable an authenticator app first, which is something that in your case your are not allowed to do unfortunately.
0
![[Deleted User]](https://w5.vanillicon.com/v2/5ffb59761299acfaac4654dd3a18e95b.svg)