Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
Thoughts on MFA and 1Password?
I recently started using 1Password for MFA on some of my accounts. It seems to work really well and I like the functionality.
That said, I’ve always understood the logic of MFA to be “something you know, and something you have.”
If 1Password is filling the password and the authentication code or passkey doesn’t that bypass the purpose of MFA in general? You're using one utility to store your password and your 2FA so it becomes a single point of failure in terms of cybersecurity right?
I'm genuinely not posting this here as a criticism. I want to see if anyone can enlighten me on anything I might be missing here?
Just had an interesting thought about this while logging in to a server...it's protected through OpenVPN connect which requires password AND TOTP. Great! It's a new one so when I set up I wasn't overly concerned or thoughtful...now that my client data is on it and TOTP is established for access in 1P....would it EVER be possible for the TOTP code...conveniently stored in 1P to ONLY be accessible upon the use of a Yubikey?
This would protect - should someone ever gain access....my RDP connection to my server. No YK...no VPN, no server. (Or am I overthinking this?)
- 1P_Dave
Moderator
Hello thrillho93! 👋
Thank you for reaching out! This is a very popular question and we have an excellent blog article about the subject here: 1Password and 2FA: Is it wrong to store passwords and one-time codes together?
Let me know if you have any questions once you've given that a read. 🙂
-Dave
