1PW + 2FA - Recovery Codes/Configuration?

lyons238
lyons238
Community Member

Hello,

I've been using 1PW for 2-3 years now and I absolutely love it. However, I realized recently I have not been keeping up with storing my Recovery Codes for 2FA. Which got me thinking...

  1. Is it bad practice to store Recovery Codes in 1PW as if someone got into my 1PW then they could easily get into my accounts with the PW and 2FA Recovery Codes right there, right? Or am I missing something? Conversely, I was thinking to just store them on a secured thumb drive. Any tips are appreciated!

  2. Also, I had another quick Q, can I access my 2FA recovery codes on Authy or do I get them from the individual website/account? Also, if I've used Google Authenticator in the past, is it wise to delete accounts I'm not using on there anymore due to Authy? I don't believe I ever cleared them out when I switched from Google Authenticator to Authy.

Any tips are appreciated!


1Password Version: 7.9.2
Extension Version: 7.9.2
OS Version: macOS Big Sur 11.6

Comments

  • [Deleted User]
    [Deleted User]
    Community Member

    @lyons238 Are you planning to move your 2FA tokens into 1Password? Or will you be keeping them in Authy?

    1. Some would say that 2FA & recovery codes must be stored separately from passwords. However, the main point of 2FA/recovery codes is that they are stored on your trusted devices and remotely from the relevant website. So 1Password is a good place to store them.
    2. You cannot extract 2FA tokens or recovery codes from Authy. So you'll need to re-visit each individual website. This is a good idea anyway because they may have changed when you moved from Google Authenticator to Authy.
    3. I would double check that all your 2FA tokens are in Authy, that you are able to login to each website in a private window using Authy and then delete all your 2FA tokens from Google Authenticator.

    When using Authy its important to keep a local record of your "backups password". You might want to store this with your 1Password secret key.

  • Kennsen
    Kennsen
    Community Member

    On this topic, I was wondering, if there is a way to get a multi-line textfield in the 2fa section. The recovery codes are otherwise just a very long string of text. Or I have to store the recovery codes in the note field, which is the only multi line input I have in 1pw. As it is common to have any otp with recovery codes, would it be an idea to add a field for the recovery codes in there? Thanks for you response.

  • Hi @Kennsen:

    We're always discussing how we can make 1Password even better, and I've added your feedback about better recovery code handling to an open feature request we have on the subject. While I can't promise when or if it'll be added to 1Password, our developers regularly go over this feedback to see if it's something that would make sense to add in the future. Thanks for your feedback!

    Jack

    ref: dev/projects/customer-feature-requests#212

  • lyons238
    lyons238
    Community Member

    @rootzero Thank you for your very detailed and helpful response, that's exactly the information I was looking to confirm. I will follow your tips! Cheers!

    @Jack.P_1P I also would enjoy that feature that @Kennsen requested as this would certainly help keep our 2FA/Recovery codes organized.

  • Hi @lyons238:

    I've added your input to the issue I mentioned above. Thanks for your input! 😃

    Jack

This discussion has been closed.