No longer have the phone with authenticator app [please email [email protected] for 2FA reset]

joedelve
edited April 29 in Families

I have access to my 1Password account on my new phone and on my Windows 10 PC but cannot log in to the web or set up a new device without the authenticator app on the old phone. To be honest it is very clear that one needs to keep their secret key and master password safe. However, it is not clear at all that one should somehow back up their 2-factor authentication code in any way. Moreover, the concept is completely contradictory to every other app or service available that makes use of 2-factor authentication. There is always a backup method, i.e. text message, email, etc., that can be used in case the authenticator app is lost, stolen or otherwise unavailable.



Comments

  • danco Senior Member Community Moderator

    Of course, one does not need a specific authenticator app. However, one does need the authentication details, best kept in the form of the QR code but also possible by the long text.

    The good news is that one of the few things that AgileBits can do with an account is remove 2FA for you even if you can't log in using a web browser (if you could use a browser, you could remove 2FA yourself).

  • Thanks for the response. I understand that it's not the specific app that's relevant, but authentication details contained within the app. However, the point is that, assuming most people do not have multiple sets of authentication details on multiple devices, it's not clear that this information must be backed up just like the emergency kit info and if the authentication device is not available for any reason, you're left in this state of limbo.

    Having said that, your indication that I can have AgileBits simply remove the 2FA on the backend is great. Do you know how I would go about doing that?

  • danco Senior Member Community Moderator

    AgileBits staff do read and respond to all forum threads, so this should be enough. That said, they have enough requests that they can be slow in replying, and an email at this stage won't speed things up. Just waiting is probably best, though I do see that is frustrating.

  • Sounds good. At least I know it's possible to get out of this mess. And next time I will certainly include my 2FA details as part of my backup strategy. I will also make a suggestion that they make this necessity more clear for users of 2FA. Thanks for the information.

  • Ben AWS Team

    Team Member

    Hi @joedelve

    Your point about making this more clear is well taken. I would point out that this would be applicable to any two factor protected service... as you need both factors to access the service it makes sense that both factors should be backed up. To resolve this I'll need to put you in touch with our security team who can perform an account verification. To get that process started please send an email to us at [email protected] from the email address associated with your account (this must match). You'll get an automated response from BitBot with a support ID. Please post that ID here so I can get the request to our security team.

    Thank you.

    Ben

  • Hi Ben. Thanks for your help. I do understand the idea behind two factor services. I just think it's not clear that there is no way to get back into the web app in the event of a lost/stolen authentication device unless you've permanently recorded your auth details (other than secret key and master password) somewhere. The idea behind the secret key and master password is obvious and well documented. As I said, every other two factor protected service I've ever used has a backup method for just that reason. This is not the first time I've switched devices with the auth app, but I've never had to back up any two factor auth details for any other services. The support ID is [#HMT-57763-427]. Thanks again for your assistance. It is greatly appreciated.

  • Ben AWS Team

    Team Member

    Thanks @joedelve. I believe there is some discussion in progress about including the TOTP secret in the Emergency Kit. I'm not sure what the current status of that is, but on the face of it that seems like a good idea to me.

    I see we've received your email and I'm going to try to get someone from our security team to reply today if possible.

    Ben

  • Hello, Ben
    My apologies if I am not meant to join this conversation, but this is exactly my situation. I have just sent an email to [email protected] from the email account associated with my 1Password.com address to begin the process of removing its 2FA. To say that I'm relieved that this can happen would be an understatement! As soon as I get the ID, I'll post it here. Thanks. Kind regards. Stephen

  • ag_ana

    Team Member

    Hi @bottleneck!

    Thank you! Sounds good :+1: And we will get back to you as soon as possible :)

  • edited March 22

    Hi, there. Here it is: For your reference, your support ID is [#UTZ-19994-721]
    Many thanks, @ag_ana :-)

  • Ben AWS Team

    Team Member

    Thanks! I'll be sure that gets the attention of our security team as soon as possible.

    Ben

  • Hiya. I'm having the same problem. My support ID is [#IYD-99624-382]

  • Ben AWS Team

    Team Member

    Thanks @kremmern. Our security team should be in touch soon.

    For anyone else reading: it isn't necessary to both post here and email. The email is sufficient. If you do post here we'll need to direct you to email. Thanks for understanding. :)

    Ben

This discussion has been closed.