Two-factor authenticator problem, can't log in to my account

pepperega27
Community Member

I enabled two-factor authentication from my Android device using the Google Authenticator app. But the next day I formatted my smartphone and installed a new ROM. I have lost my Google Authenticator (if I open the app I can't see the 6-number code) and now I can't log in from any device, even from the web.
The only device where I am logged in is my MacBook Pro. How can I log in from the web and remove two-factor authentication? I sent an e-mail to 1Password Support one week ago, but they haven't replied to me yet.
I have 30 days to try 1Password but I have lost 7 days because of this problem. Please help me!
I don't have any friends or people that can help me to restore my account as written in the guide.


Comments

  • AGAlumB
    1Password Alumni

    @pepperega27: I'm sorry to hear that you destroyed your authenticator without having a backup. Two-factor authentication can be disabled from your account's Profile page at 1Password.com in a web browser you've already authorized on your account. I see that you've already been in contact with Laura via email, so we'll continue the conversation there to avoid trying to have the same conversation in multiple places, since that means a longer wait for everyone — including you.

    ref: YQB-44234-249

    In case it helps anyone else, we may be able to help, but it takes time since security checks and account changes are involved.

    If you are temporarily away from the device where your authentication code is generated, it may be best to wait until you have access to that device again. Alternatively, you could use a device that is already signed in, whether it’s one of the 1Password apps or a browser you’ve signed in with before. The code is only needed when signing into a new device/browser, so you could access your account on an existing device and disable it from there:

    1. Click your name in the top right and select My Profile.
    2. Click More Options on the left and select Turn Off Two-Factor Authentication.

    From there, you can also re-enable 2FA to get a new TOTP secret and set it up again. Just be sure to save a backup somewhere safe.

    Also, several authenticator apps have backup and recover options. Authy is one example of an app that allows you to recover your 2FA codes if you lose your phone. You can find their instructions here:

    https://support.authy.com/hc/articles/115012672088-Restoring-Authy-Access-on-a-New-Lost-or-Inaccessible-Phone

    But even if you don’t use Authy, it’s worth checking to see if your authenticator app has options available for recovery.

    However, if you won't have access to the device where the authentication code is generated going forward, or any other devices you've already authorized with your 1Password.com account, shoot us an email at support@1password.com and we'll go from there.

  • pepperega27
    Community Member

    @brenty I don't have any device where I am logged in in a browser, so I can't disable 2FA. I am logged in only in my MacBook Pro app. Anyway, e-mail support replied to me, so now I must only wait...
    I hope that everything will go well and I'll be able to restore my account🤞🏼

  • AGAlumB
    1Password Alumni

    No worries. We'll help you get sorted. :) :+1:

  • pepperega27
    Community Member

    I want to tell you that the support helped me and now I have my account back.
    Thanks!

  • AGAlumB
    1Password Alumni

    :) :+1:

  • jpgoldberg
    1Password Alumni

    That's great to hear, @pepperega27.

    What you've experienced (along with others) reflects an odd issue with 2FA. When people enable it, they typically do so with the intent that this second factor is required for authentication. And so having a reset procedure goes against that intent.

    I'd also like to take the opportunity to remind anyone reading this thread that while we are able to reset 2FA status, 1Password is designed in such a way that we are incapable of resetting a Master Password or Secret Key.

  • pepperega27
    Community Member

    @jpgoldberg I have saved my emergency kit, so I'll be okay👌🏼

  • jpgoldberg
    1Password Alumni

    > I have saved my emergency kit, so I'll be okay

    Excellent! Thank you.

  • sgscottjr
    Community Member

    I faithfully protect my Master Password and Key but I only had one browser authorized for two-factor authorization. I do have 1Password access on my iPhone and iPad but no longer on my PC Browser. For the benefit of another program, I had to clear my cache. I didn't realize this would deauthorize 1Password. Would have been no problem except I no longer have access to the authenticator app I originally used to install 2FA on 1Password. Now I am locked out of 1Password on my computer but not my iPhone or iPad. Unfortunately, the ability to turn off 2FA is not an option on the iPhone or iPad so I'm stuck waiting for support to reply to my plea to reset my 2FA.

    Suggestion for 1Password:

    1. Make it possible to turn off 2FA from your mobile devices.
    2. Provide other options for 2FA besides an authenticator app. For instance, Gmail offers different means for authenticating your identity besides the authenticator app.

    Thank you.

    p.s. My ticket #MDD-55779-989 is still open and I'm waiting for a reply. Thank you!!

  • AGAlumB
    1Password Alumni

    > Make it possible to turn off 2FA from your mobile devices.

    @sgscottjr: That sort of defeats the purpose — and protection — of two-factor authentication.

    > Provide other options for 2FA besides an authenticator app. For instance, Gmail offers different means for authenticating your identity besides the authenticator app.

    Sorry, we're not going to offer insecure options like SMS.

    Ostensibly you enabled two-factor authentication on your account expressly for added security, to prevent someone from signing into your account if they had your Secret Key and Master Password by also requiring a one-time password. This feature is doing exactly what it's supposed to do: keeping anyone without the one-time password out.

    Ultimately there's a really good solution to this problem that doesn't involve weakening security or making things more complicated: save your account credentials in case you need them in an emergency.

    I'll get back to you via email as soon as I'm able.

    ref: MDD-55779-989

  • sgscottjr
    Community Member

    @brenty Hi...

    I don't understand "Ultimately there's a really good solution to this problem that doesn't involve weakening security or making things more complicated: save your account credentials in case you need them in an emergency."

    I have my Master Password and Secret Key, what other credentials could I have saved? The authenticator app that I originally used was on a phone that was damaged beyond repair. And, if there is a way to recover the install from Google on another phone I don't know how to do it. As soon as this is fixed I'm going to use the other authenticator that spans across various devices.

    Thank you for your help. Love your product just want to get back in there! :-)

    sgscottjr

  • AGAlumB
    1Password Alumni

    > I have my Master Password and Secret Key, what other credentials could I have saved?

    @sgscottjr: Your TOTP secret and/or QR code for two-factor authentication, since you'd need that to generate the code once enabled. It sounds like you put it only in the authenticator app you lost/deleted. You can use that on multiple devices, or just save a copy of it somewhere secure.

    > Thank you for your help. Love your product just want to get back in there! :-)

    Thanks for the kind words. I'm still working my way through messages older than yours, but it's in my before bed queue here. :)

  • sgscottjr
    Community Member

    Oh....I should have snapped a picture of the QR code the Google Authenticator used to set up the connection. That would have solved the problem. I never thought about that. Thank you.

  • AGAlumB
    1Password Alumni

    @sgscottjr: Sure thing! That's definitely one way. For some reason I'm not a fan of storing the image and prefer the text TOTP secret, but that may just be a holdover from when my "huge" 50MB hard drive kept running out of space back in the day... :lol: Either way, having a backup is always good, just in case. :)

  • AlwaysSortaCurious

    There’s another thought. Don’t enable 2FA for 1Password. In some contexts it’s a wonderful feature, but in others..... I have Authenticator with the same seed on multiple devices just in case I lose one. (Not even sure if you can back up Google Authenticator directly). I always put it in 1Password OTP item field as well.

    So, all I do is have a nice strong master password and secret key, and at the speed of HTTP against the web site, with, I suppose, an IPS of some kind and rate limiting controlling how often someone tries to get into an account, it should take them a few heat deaths of the universe to crack.

    Anyone that can get your secret key is in a position to get an OTP as it flashes on your phone or screen...

    Yeah, I know corporate offices want it, but not sure it isn’t mostly theatre when dealing with the 1Password web site with a long strong password, so in this context and referring to this context only.

  • AGAlumB
    1Password Alumni

    I don't disagree with you, @AlwaysSortaCurious :)

    Certainly some people have a specific need/desire for two-factor authentication, but it's important to note that 1Password's security doesn't depend on that, since it's based on encryption. No matter what, even if authentication is bypassed because one of your authorized devices is taken from you, someone would need the "keys" to be able to decrypt your data. That definitely helps me sleep better at night. :chuffed:

This discussion has been closed.