Feature request: make One Time Password Secret Code Part of emergency kit

As you now offer 1time Password authentication you should integrate the OTP secret key in the emergency kit pdf and maybe make possible it to reveal in the GUI area of 1timepassword or secret key. And / or: add that QR on the emergency kit.

That’s what I did I extracted this from the password generator and noted it, and created an item in a second otp Generator and so was able to create the otp again. Lots of Authenticator apps offer possibility to enter it manual.

With this people would be able to recreate their otp for 1Password when they loose the generator app.

Independent from this:
Furthermore you should think about adding OTP secret code manual instead of scanning QR only to all your 1Password apps. And maybe even reveal the code separate in a field to have it easier to copy it


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi,

    Are you going to update the Emergency Kit to contain the key to the 2FA (if set up) as well?

    thanks,
    James.


    1Password Version: 6.8.8
    Extension Version: 4.7.0
    OS Version: 10.13.4
    Sync Type: the personal one (what's it called?)

  • BenBen AWS Team

    Team Member

    Good question. :) I’ll check with the team and see what the plan here is. Thanks!

    Ben

  • BenBen AWS Team

    Team Member
    edited April 2018

    Hi folks,

    I merged a couple of threads here. Thanks for the feedback. We’ll look into it.

    Ben

  • sjksjk oversoul

    Team Member

    @telephoneman,

    Furthermore you should think about adding OTP secret code manual instead of scanning QR only to all your 1Password apps. And maybe even reveal the code separate in a field to have it easier to copy it

    JasperP suggested this:

    When you enable 2FA, you'll see the secret here:

    And then if you ever lose your code generator, you could enter the secret into a new generator app.

    Does that work for you?

    Or do you mean something else?

    @JamesHenderson,

    Are you going to update the Emergency Kit to contain the key to the 2FA (if set up) as well?

    From brenty, later in the aforementioned discussion:

    TOTP Two-factor authentication is not enabled when you setup your account, so it cannot be included in the Emergency Kit in general. And since most people are going to be using two-factor authentication because they want a second factor, I think it would be ill-advised to do anything like that be default. There's nothing stopping you from adding it yourself though if you want to keep all of that together. And we'll see if we can make it clearer by giving people who try to enable this more warnings or something, so they hopefully take the time to understand that adding this extra layer can also prevent them from getting into their own accounts if they do not plan appropriately.

    One thing we may do is add a another field to the Emergency Kit where you can manually enter the 2FA secret, similar to the Master Password field. And we're looking at other ways for clarifying the need to retain this secret when using two-factor authentication with your 1Password account.

    Thanks again for the feedback.

    ref: b5-4161

  • edited April 2018

    @sjk Exactly that code and QR should be incorporated into emergency kit (I mean, once its activated you can create again an emergency kit PDF and then its integrated.) The possibility to direct download that new version of emergency kit PDF could be an optional part of that activation process. Furthermore you can integrate a button to reveal it in the GUI - right next to the secret key
    I don't say this is not yet possible, of course it is - I did what you suggested, but I think from usability perspective this could be more "comfortable". If you offer to scan that code again (like you do for secret key) from any of your frontends it would offer also a more comfortable way to easy recreate again an OTP item in any authenticator app.

    The other (from your own 2FA independent) thing is in general a feature request for all your apps, that you offer to reveal explicit that code (for any 2Factor item, not only 1Password) within the 1Password stored items. So when I add facebook 2FA (for example) to 1 Password by scanning QR you could integrate a button to reveal that code (right now I would need to extract it from the "URL"). Also offer to add that code manual in addition to QR scan (afaik right now only scan is possible)

  • BenBen AWS Team

    Team Member

    That is a fair point, @telephoneman. Certainly we would like for recovery in the event of a disaster to be as painless as possible while keeping security in mind. 2FA is a relatively new feature, so hopefully we can continue to iterate and improve the process when it comes to this subject.

    Thanks for the continued feedback. :)

    Ben

  • For now I used a pdf editor to add the code to the emergency kit pdf. Works but ... 😊 cheers

  • BenBen AWS Team

    Team Member

    :+1:

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file