To protect your privacy: email us with billing or account questions instead of posting here.

Lost Phone with Authenticator App, can't login to 1Password

d0nkeyBOB
d0nkeyBOB
Community Member

Just lost phone and I wanted to turn off usage to other locations for safety but the authenticator app is on that lost phone and I'm locked out.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: IPhone 12
Sync Type: Not Provided

Comments

  • Manaburner
    Manaburner
    Community Member

    What authenticator app did you use? Anything that syncs like Authy?

  • d0nkeyBOB
    d0nkeyBOB
    Community Member

    Google Authenticator. It doesn't sync from what I can see

  • Manaburner
    Manaburner
    Community Member

    @d0nkeyBOB Hmm have you by chance written down the inital 2FA secret? Did you try the hints on this page? https://support.1password.com/two-factor-authentication/#if-you-lose-access-to-your-authenticator-app

  • d0nkeyBOB
    d0nkeyBOB
    Community Member

    I got it turned off. Other browsers weren't allowing me to log in to the main site to turn off 2FA, but my work one did. Done and done

  • Manaburner
    Manaburner
    Community Member

    Great that you can login again :) I would recommend using Authy or anything that syncs for the 2FA.

  • Thanks for the update @d0nkeyBOB, and for the assistance here @Manaburner. Glad to hear you were able to get this sorted. As Manaburner alluded to above I'd highly recommend recording the TOTP secret on your Emergency Kit and/or printing the QR code if you decide to turn it back on. :+1:

    If there is anything else we can do, please don't hesitate to contact us.

    Ben

  • Manaburner
    Manaburner
    Community Member

    @Ben Glad that I could help

  • Lars
    Lars
    1Password Alumni

    :) :+1:

  • Yeah. There was a time when 1Password was strongly against 2FA since it wasn't 2FE and a good password was just as good if not better because of the nature of the data and the application's purpose. I will tell you this is one of the reasons I do not use 2FA on 1 Password. Lose access to the authenticator and your goose is cooked. Maybe just provide a stronger master password? If a nicely decked out GPU-rig can't crack it, what's the 2FA for? (via the web would be soooooo much slower). If they are close enough to get my password, then they can take my database and crack it without the 2FA anyway since their decryption tools won't need it. Flip side, corp. sec departments are notorious for requiring it since they (rightly, unfortunately) are aware of the ability of people to come up with simple passwords that meet the requirements.... just suggesting an alternative. All my 2FA secrets that I do use for things like gmail or microsoft I keep in 1Password!

  • Lars
    Lars
    1Password Alumni

    @AlwaysSortaCurious

    Flip side, corp. sec departments are notorious for requiring it...

    Indeed, this was one of the main reasons 1Password accounts now have 2FA options, but every one of the arguments you gave earlier in your reply are also quite true: there is indeed a risk of losing access to the external authentication app/device, and although 2FA can provide additional security in some cases, those cases are more narrow and limited than many people imagine: 2FA on a 1password.com account will not matter to anyone in possession of your data (whether from stealing it from you via grabbing a physical device or otherwise). In the last analysis, a good, strong Master Password is the best and last line of defense, just as it has always been.

This discussion has been closed.