Feature request: backup keys / email for 2FA

Captain_Hook
Community Member

Hi guys,

It's great we can set up 2FA to log in to 1Password.

However, what if we lose the phone with the authenticator app?

An article on the 1Password site says we can still log in and reset the 2FA from the authorized devices. Some people (like me) delete their browsing, etc. on browser exit, so browsers are not consistent and require 2FA on each login, so a no go.

It narrows it down to a phone and the 1Password Windows/macOS app, but if the phone is lost, it's only the 1Password app.

So what if it will glitch or something? It will literally mean we are stuck with a locked 1Password account.

Maybe it will be a good idea to generate backup 2FA keys and allow users to download them to avoid a scenario like this? Or just allow an option to email a one-time backup key to the user's email once all credentials are entered and the user is stuck on the 2FA screen? Thanks.



Comments

  • @Captain_Hook

    If you're part of a 1Password Business membership, your IT team should be able to assist. Otherwise, we'd need to put you in touch with our security team. In that case, please reach out to support+security@1password.com from the email address associated with your 1Password membership.

    Perhaps this is something we can improve on in the future. Thank you for sharing this with us.

  • [Deleted User]
    Community Member
    edited April 2021

    @Captain_Hook 1Password allows 2FA to be disabled by email, but this takes time and requires users to jump through some security hoops. As email is not as secure as using an authenticator app, I think this is a better solution for most users. However, make sure you can access your email account after deleting cookies.

    There are a number of ways you can back up the secret stored in your authenticator app:

    1. Use an authenticator app which stores them offline like Yubico Authenticator;
    2. Use an authenticator app which backs them up locally like Aegis;
    3. Use an authenticator app which backs them up to the cloud and syncs across devices like Authy;
    4. Scan the QR code with more than one device, e.g. your phone and a friend's;
    5. Print or save the QR code for scanning later when you need to recover;
    6. Print or save the manual entry long term secret for entering later when you need to recover.
  • :chuffed:
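
Options 5 and 6 in the list above work because the QR code only encodes an `otpauth://` URI carrying the same long-term secret as the manual entry string, and codes are derived from that secret and the clock alone (RFC 6238). The sketch below is an added example, not part of any post in this thread and not 1Password's code; the sample secret is the RFC 6238 test key, and the account label and issuer are constructed placeholders.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs

ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

def decode_secret(text):
    """Decode a manual-entry secret as printed: any case, spaces or dashes allowed."""
    s = "".join(text.split()).replace("-", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))  # restore stripped padding

def totp(key, at, digits=6, period=30, algorithm="SHA1"):
    """RFC 6238 code for Unix time `at`, computed from the raw secret bytes."""
    counter = struct.pack(">Q", int(at) // period)
    mac = hmac.new(key, counter, ALGORITHMS[algorithm.upper()]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def code_from_manual(secret_text, at):
    """Recover a code from a saved manual-entry secret (option 6)."""
    return totp(decode_secret(secret_text), at)

def code_from_qr(uri, at):
    """Recover a code from the otpauth:// URI a saved QR code encodes (option 5)."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    if "secret" not in q:
        raise ValueError("enrollment URI carries no secret")
    return totp(decode_secret(q["secret"]), at, int(q.get("digits", 6)),
                int(q.get("period", 30)), q.get("algorithm", "SHA1"))

# Constructed sample input: the RFC 6238 test key with a placeholder label and issuer.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              f"?secret={SAMPLE_SECRET}&issuer=Example")

if __name__ == "__main__":
    now = time.time()
    # Both backups yield the same code as the lost phone would have shown.
    print(code_from_qr(SAMPLE_URI, now), code_from_manual(SAMPLE_SECRET.lower(), now))
```

Because either backup regenerates every future code, a printed or saved copy needs the same protection as the authenticator device itself.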

  • jmjm
    Community Member

    (I have nothing but praise for the AEGIS app)

  • ag_ana
    1Password Alumni

    Thank you for the feedback @jmjm :+1: :)

This discussion has been closed.