Allow the authenticator app to be removed without disabling 2FA when security keys are in uses

I was setting up a new phone but flubbed the authenticator transfer so I had to redo all my authenticator logins, but when I got to 1password in order to get my authenticator app QR code, I was forced to completely disable 2FA to set it back up, deleting not only the authenticator app but both my primary and backup security keys, then had to not only reconfigure the app but both keys again as well. There should be an option to either reset the authenticator app or remove and re-add if other 2FA methods are available


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • brentybrenty

    Team Member

    @Jason_G: Thanks for getting in touch! Can you clarify?

    Allow the authenticator app to be removed without disabling 2FA when security keys are in uses

    Removed from what? If you mean "removed from the 1Password account", that's just another way of saying "disabling 2FA" for the account.

  • Jason_GJason_G
    edited September 2019


    If you have security keys, yubikey and such, attached to your account you can still have 2FA without the authenticator app, I shouldn't have to re-add security keys just to redo the authenticator.

  • JasperJasper

    Team Member

    Hi @Jason_G,

    We don't allow removing the authenticator app currently as not all of the 1Password apps support security keys, so you'd be locked out from many of your devices. Hopefully in the future we're able to expand support across all apps and allow removing the authenticator app, though no news to share on that right now.

    If that doesn't end up happening, I can see how allowing you to reset the authenticator app could be helpful. I'll make note of that suggestion for future consideration.

    Thanks for the feedback!

  • edited November 2019

    Hi @Jasper,

    Just wanted to put in a vote for the above request. I moved to security keys across all my most important apps, including 1password, because they're inherently more secure than app-based 2FA. Requiring me to keep the app option active feels a bit like it defeats the purpose.

    I understand you don't want folks getting locked out of some devices, but your support for security keys continues to improve, and my bet is that the folks who use security keys on your platform are savvier than average. If we're given the option and warned sufficiently of the possible repercussions, we'll make the right decision for us.

    My two cents.

  • BenBen AWS Team

    Team Member

    This is something we can reconsider once 1Password for Mac, 1Password for Windows, and 1Password for Android support U2F.

    Ben

  • Understood, thanks for your response. Have you released a public timeline for those updates?

  • BenBen AWS Team

    Team Member

    Understood, thanks for your response

    You're very welcome. :)

    Have you released a public timeline for those updates?

    As a policy, we don't do public timelines.

    Ben

  • Another vote for this. I want my 1Password, everywhere, to be locked down only to U2F keys.

  • ag_anaag_ana

    Team Member

    Thank you for your feedback too @longislandsound :+1::)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file