One time passwords

squash
squash
Community Member

Hi. Sorry if this has been asked before, but I am finding it strange to store my one time passwords (for 2 factor authentication) within 1Password. Isn't the purpose of the one time password to be stored somewhere else (like an authenticator app) that is separate from the 1Password vault?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni

    @squash - it's a subject of both ongoing discussion and personal preference. The answer is: there really isn't one definitive answer. The term most used in both the tech and "regular" press is "2FA" - Two-Factor Authentication. But "factors" are usually supposed to be separate channels - something you are (biometrics like fingerprints or Face ID, etc), something you know (like a password), and something you have (like a hardware token or similar). Any of these can be genuine second factors. But storing your TOTP codes in the same app where you have your password (within 1Password) is not true 2FA. it's called 2SV (two-step verification), and although it's not as separate (and therefore strong) as genuine 2FA, the real-world differences may be less than you think. Our Chief Defender Against the Dark Arts, jpgoldberg wrote a blog post on this very topic back in January of 2015 when we debuted the TOTP feature in 1Password, and I recommend it still, as a way of understanding the subtle differences. Hope that helps! :)

  • squash
    squash
    Community Member

    @Lars , thank you for your reply. This really helps. If I decide not to use the TOTP feature in 1password, is there a way to disable the warning?

  • Lars
    Lars
    1Password Alumni

    @squash - there is indeed. You can add the tag 2FA to any Login item that has the "Inactive 2FA" banner warning, and it will be suppressed.

  • squash
    squash
    Community Member

    @Lars thank you so much for your help, adding the tag.

  • Lars
    Lars
    1Password Alumni

    @squash - you're quite welcome! Glad I was able to help. :)

This discussion has been closed.