The security of storing the 2FA key into 1Password

Mattis
Community Member

Hello everyone!

I have one thing which I asked some time ago in this forum. Two-factor authentication is, yes, a great way to secure your account besides a strong password. Since 1Password 5, if I remember correctly, 1Password has supported the possibility to generate the codes for two-factor authentication.

Now 1Password 8 is here and offers the great universal autofill. Since last year, I have been using a YubiKey as a second factor and also have the secrets for all accounts stored in YubiKey authenticator.

Now, of course, some of the convenience that could be given by Universal autofill is lost, since I have to insert the physical YubiKey every time to log in somewhere. Pretty annoying.

Is saving and generating one-time codes in 1Password really a good idea and does it make sense? Is it secure?

I have secured my 1Password account with the YubiKey since I have it. What are you using your YubiKeys for?

I was thinking of storing all the accounts that have two-factor authentication in 1Password except for accounts that are particularly vulnerable. For example, 1Password. The most vulnerable accounts will then be secured with the YubiKey. Is this a good idea?

Thanks for reading and sorry for my repetition

Mattis


1Password Version: 1Password 8
Extension Version: Not Provided
OS Version: macOS Monterey

Comments

  • Hey @Mattis:

    Great question! Our principal security architect, Jeffrey Goldberg, spoke a bit about this here: TOTP for 1Password users

    Let me know if that helps, or if you've got any other questions!

    Jack

  • Mattis
    Community Member

    Hey @Jack.P_1P!

    Thank you for your reply. After I read the article you sent above, I made the decision to not let 1Password generate the codes for two-factor authentication :)

  • Hi @Mattis,

    Thanks for letting us know, and I am glad you made the decision that was right for you.

    Let us know if we can be of any more help.

    Alex

This discussion has been closed.