locked out after upgrading phone, no access to previous 2FA app

edited November 2018 in Memberships

Hello,

I’m in quite a jam here. I have a subscription to 1Password and just today upgraded my iPhone 7 to an XS.

The trouble is, I traded in my old iPhone and wiped it and no longer have access to the code generator app I was using (Duo) for 2FA.

Now when I try and log into 1Password.com, I’m prompted to enter a code from my code generator, but I can’t because Duo is asking me to reconnect by either scanning a QR code or entering a code manually.

I’ve tried scanning the Setup Code from the preferences of 1Password on my Mac, but that doesn’t work. I get an error from Duo saying “invalid activation code."

And, of course, I recently cleared my browser data so Safari and Chrome don’t remember that I’ve signed in before.

What can I do to regain access? Help! Thank you!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: 1Password

Comments

  • Hello @brightpavilions ,

    Out support team can definitely help you reset 2FA on your account, so you can log in and set up Duo again. Please open a ticket using the contact link here: https://support.1password.com/contact/

    They will get back to your shortly to verify your identity and assist with the reset.

    Let us know if you have any questions

  • I simultaneously posted here and sent a message to support to open a ticket but I’ve yet to hear back.

  • MeekMeek

    Team Member

    Hey @brightpavilions, would you mind posting your Support ID here? That'll help us find your email and connect the dots :)

  • edited November 2018

    Yep!
    FKS-62638-432

  • brentybrenty

    Team Member
    edited November 2018

    Thanks! I'll get back to you via email shortly.

    ref: FKS-62638-432

    But just to clarify, if you're using Duo, you'll be using 1Password Teams/Business, and in that case another admin could help you perform account recovery, which could allow you to regain access, almost certainly faster than going through a lengthy account verification process with us.

  • I simply used Duo as my code generator. You can sub that out for Google Authenticator etc. This is a personal account not a Teams.

  • brentybrenty

    Team Member

    Ohhh. Got it. I misunderstood that part. Thank you for clarifying!

  • Hi,

    I'm considering adding 2FA to 1Password (Personal, not Teams/Business) and other security-critical apps. However at https://support.1password.com/two-factor-authentication/ it seems to say that if I loose access to my 2FA app and I can't recover it then I'm locked out of 1Password forever. That scares me so much that I'm not sure that I want to accept that risk. However in this topic you seem to say that if that my 2FA irrevocably melts down I can contact you and (I assume after passing rigorous but not unreasonable tests to verify my identity) you can turn off the 2FA so I can use my UserID, Master Password, and Secret Key to regain access to my 1Password account. Is that correct?

    Thanks,
    Mike

  • BenBen AWS Team

    Team Member
    edited November 2018

    @MikeA01730

    Certainly you’ll want to avoid losing your TOTP secret for any services. For TOTP secrets that you store in 1Password having your Emergency Kit stored somewhere safe is going to be hugely helpful. It may even make sense to have multiple copies depending on your situation:

    Get to know your Emergency Kit | 1Password

    For 1Password... you can’t effectively use 1Password as your TOTP code generator. Some folks choose to also store their TOTP secret in 1Password, but it should definitely never be the only place it is stored. You’ll need to evaluate what is going to work best for you as far as an app to generate those, but whatever you choose I’d recommend something that can (A) be backed up, (B) be synced to multiple devices, and (C) you’ll have access to if you do not have access to 1Password (either because it does not require a password to unlock or because you’ve memorized the unique password for it).

    You can also write your TOTP secret for your 1Password account on your printed Emergency Kit.

    Our security team can help if you lose access to the ability to generate TOTP codes for your 1Password account, but this should be considered an absolute last resort, rather than your backup plan. It may take days for our team to address the situation and so you may be without access to your 1Password data for a while if you find yourself having to resort to that option.

    I hope that helps!

    Ben

  • Ben,

    I'm a little new to 2FA and still don't fully understand everything about it.

    I hadn't thought about storing the TOTP (represented in the QR code, right?) that I obtain from a web site when adding 2FA to it. Is the purpose to reload the QR code for each web site my 2FA app controls into the 2FA app if I have to reinstall it? Does this do the same thing that Authy does with its backup of accounts?

    You say "You can also write your TOTP secret ...". How do I write it if it's a QR code?

    I'm only planning on calling 1Password Support as a last resort. I intend to store recovery information in my safe deposit box. My concern was that it appeared that in the worst case (say something goes wrong installing the 2FA app) even that might fail to get 1Password going.

    Thanks,
    Mike

  • Hi,

    I have the same problem as brightpavilions. And I can't send email to you at https://support.1password.com/contact/.

    can you help me?

  • brentybrenty

    Team Member

    @sillymole: You can't send us an email? What do you mean?

  • brentybrenty

    Team Member

    I'm a little new to 2FA and still don't fully understand everything about it.

    @MikeA01730: I'd recommend not using it unless you have a good understanding of the risks and benefits. 1Password's security is based on encryption and doesn't depend on authentication. If you have additional questions about 1Password, let us know.

    I hadn't thought about storing the TOTP (represented in the QR code, right?) that I obtain from a web site when adding 2FA to it. Is the purpose to reload the QR code for each web site my 2FA app controls into the 2FA app if I have to reinstall it?

    The 1Password.com QR code or TOTP secret (both are the same data, just represented by an image or text respectively) applies only to 1Password.com; it isn't at all involved with other websites.

    Does this do the same thing that Authy does with its backup of accounts?

    1Password doesn't backup something you store only in Authy.

    You say "You can also write your TOTP secret ...". How do I write it if it's a QR code?

    When you go to set it up (there's no harm in looking -- you can back out without completing setup) both are shown, since some authenticator apps accept a scanned QR code and others use a text-based TOTP secret.

    I'm only planning on calling 1Password Support as a last resort. I intend to store recovery information in my safe deposit box. My concern was that it appeared that in the worst case (say something goes wrong installing the 2FA app) even that might fail to get 1Password going.

    To be clear, if there's a problem with setting it up in the authenticator app, you will not be able to setup two-factor authentication in the first place. So that's not really a concern. Also, keep in mind that in addition to backing up the QR code and/or TOTP secret, you could absolutely setup an authenticator app on multiple devices. There is nothing limiting you to having only a single point of failure.

    But again, you can absolutely use a 1Password.com account without two-factor authentication. It's an optional feature, and it may be best to try 1Password.com first to get familiar with it anyway.

  • Hi 1password team I have the exact same issue. My support ID is [#ZBP-58398-325]. Still waiting to hear back from the team.

  • brentybrenty

    Team Member

    @revolverbloom: Please stop posting in multiple threads. That just slows down the support process for everyone -- including you. We'll continue the conversation via email.

    ref: ZBP-58398-325

  • brentybrenty

    Team Member

    I'll close this discussion. Anyone else having a similar issue should see my instructions here.

This discussion has been closed.