Can one-time-password info be shared between two individual licenses?
My wife and I currently use individual licenses of 1P6, each on our separate Macs, iPhones and iPads. For some websites, e.g. a joint bank account, we have the same login info each in 1P6, so if I change the bank account website password, then I must be sure to tell her the new info so that she can put it into 1P, so that she can access the bank account from her devices. But with 2-factor authentication by 1P app and the use of one-time-password algorithms, can this continue to work for us? Can we share the scanned OTP algorithm between our two individual licenses, and if so, how does that work? If it can work, then on which device does the OTP code get displayed/copied for use with the bank account website? Could our issue be better addressed in a Families account, and if yes, then how is the issue of OTP handled in a shared vault situation? On which device is the OTP code displayed/copied?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@FredBuchholz This is the best use-case I have seen for a Family subscription account. What you want to do is very easily done in the Family account, but probably not possible with a stand-alone licensẹ. hth
0 -
@FredBuchholz: What you're trying to do is technically possible without a 1Password Families membership, but after doing it for years I would never recommend it now that there's a better way. It involves having a shared vault that's configured individually, and a bit differently for both of you, across each and every device. There are a lot of things that can be done that I never want to do. :lol:
1Password Families allows you to easily share vaults securely and even help family members recover their accounts if they get locked out — along with many other benefits, like automatic offsite backup and [item history](https://support.1password.com/item-history/, so losing your devices doesn't mean losing your data. Each family member just signs into their account on each devices, and any vaults they have access to automatically show up. Simple.
I hope this helps. Be sure to let me know if you have any other questions! :)
0 -
Thanks @brenty for the response and links. It looks like a Families account has some definite advantages for us. I have still not seen a comment on how the OTP process works with a shared vault and a handful of devices (three of mine and three of spouse). Let's imagine that I set up the app-based-OTP for a website on my laptop (scan in the QR code, etc.) and put the QR code information into the 1Password login card of a shared vault in the Families account. Then it seems that my spouse with access to the shared vault can login to the vault using her unique master password (different from mine), and then use the OTP to login to access the website. Which device gets the OTP to key into the website? All of them (this doesn't make sense to me)? But I'm asking because I don't fully understand. Thanks again!
0 -
@FredBuchholz: No problem. I think you may be overthinking this though. Maybe a concrete example helps:
First, it's useful to note that 1Password Families has a default Shared vault which every family member invited gets access to automatically. You can always create other vaults and share them with some, all, or none of your loved ones, but for our purposes I'll talk about "Shared" because it's universal.
So anyway, I invited my dad to join my 1Password Families plan. So he's automatically got access to the Shared vault. That makes it easy for us to drop stuff in there that both of us need access to. For example we share an online backup plan. And -- you guessed it -- that has two-factor authentication setup for it. So the login is in the Shared vault, since we both need to use it, and it has the TOTP secret saved in it so 1Password can generate the one-time password for us to authenticate.
Theoretically, if we both try to sign into that account at the same time, one of us will fail, because the first one will use the current code, which makes it invalid ("one-time"), so that when the other tries it it will not work. But that's never happened, and even if it does, dad just has to wait 30 seconds for a new code (because I'm faster than he is). ;)
0
