0

1Password sort of supports 2FA. We have a master password and an additional secret. But why don't they support TOTP for 2FA?

I just want to make really sure that unless I approve, no other devices can access my 1Password account.

Say someone put a trojan keylogger on my computer. I don't know if I can ever detect the presence of this on my current computer.

Say I open 1Password in my computer. It asks for master password that I type and I insert the key. Now, since one of my computers is compromised, the hacker knows my master password and my secret key that is not regularly changed. Isn't that dangerous?

LastPass implements 2FA, it supports plenty. Why doesn't 1Password? I know their engineers are active on this site and provide answers occasionally. So that's why I am asking. I've heard 1Password is security all the way, so I thought they must have "security" reason why they choose to implement things this way.

HomoTechsual
  • 154
  • 7
user4234
  • 139
  • 8
  • 5
    You are essentially asking us to explain why a specific commercial product is missing some feature. This is not the support site for this product. Even though you expect engineers from the company to hunt forums this is not the right place to ask - instead contact the company directly [using their support](https://support.1password.com/). – Steffen Ullrich Oct 01 '18 at 05:08
  • If the question is slated to be removed - please let me know, I'm happy to remove my answer if it makes things easier to remove an off-topic question. – HomoTechsual Oct 01 '18 at 09:11
  • It turns out the issue wasn't security. I changed the title. What about now? – user4951 Oct 01 '18 at 17:38
  • Actually there is a question here that says that 1 password doesn't support 2FA. I forget – user4234 Oct 04 '18 at 20:33

1 Answers1

3

So to start with, your question is based on a false premise, namely that you can protect your 1Password account using 2FA (Two-factor Authentication) from the 1Password website.

You can use any TOTP compliant app or a Yubikey device.

1Password can itself be used to generate TOTP codes but it ABSOLUTELY SHOULD NOT be used to generate TOTP codes for itself (for reasons which should be obvious!)

Enabling 2FA with 1Password requires a 1Password membership.

Source: https://support.1password.com/two-factor-authentication/

HomoTechsual
  • 154
  • 7
  • Wow. 3 factor authentication. Good. Very good. – user4234 Oct 01 '18 at 09:22
  • 1
    I'm not seeing a third factor. **Things you know:** Secret Key, Email, Password **Things you have:** 2FA token/device – HomoTechsual Oct 01 '18 at 09:22
  • 4 factor. password, secret key, email, 2FA. That'll calm the fear – user4234 Oct 01 '18 at 09:31
  • 1
    No, still 2Factor... https://en.wikipedia.org/wiki/Multi-factor_authentication Generally when we describe something as NFactor we're talking about the number of **factor groups** in use. Not the number of individual factors. So we can get upto 3 factors (Knowledge _something you know_, Possession _something you have_, Inherence _something you are_) **For Example:** PIN Number, Bank Card, Fingerprint – HomoTechsual Oct 01 '18 at 09:35