Moving your Two Factor Authenticators to 1Password
Passwords alone are not enough to keep your online life secure. Two-Factor Authentication adds an extra layer of security. Here we look at integrating your 2FA authenticators with 1Password.
I’m a big fan of 1Password, so I’ve been slowly moving my Two-Factor Authentication (2FA) authenticators from SMS and Google Authenticator over to 1Password. We’ve covered Authy before, which is a great product, but if you’re already using a password manager, why not integrate your factors?
Why Two Factor Authentication?
Although we’ve covered it before, passwords alone aren’t secure enough to protect you and your data. Databases get hacked, people get tricked with email phishing, and sometimes you (gasp!) reuse passwords. Two Factor systems rely on something you know, like a password, and something you have, like a special code. That code can be texted to you, can appear on a keyfob, or you can use software to create that code.
Move From Two Factor Text to Code Based
At first glance, text-based messages seem easy. You probably always have your phone with you, so you know that only you can access the system.
However, your mobile phone isn’t always with you and is accessible. Sure, you might have an obvious problem like losing your phone or the battery dying. Sometimes you won’t be in the mobile phone range. That happened to me one time when I was on an airplane and had Wi-Fi on my laptop. I couldn’t log into a site because I couldn’t get a text.
Even if your phone is with you and working, someone can “sim-jack” your phone. That’s when hackers use social engineering or other methods to convince your mobile phone provider to reissue your phone number to another person. The average person is unlikely to have that happen. If you’re being targeted, the person can use sim-jacking as part of a campaign to steal from you.
Why 1Password rather than Authy
Before 1Password supported login codes, I used Authy. However, since I’m such a fan of 1Password, combining them seems to make sense. Authy lets you manually add a code for 2FA on the Mac, but 1Passwords gives you the additional option of adding based on a QR code. I find it easier to do the add by using the scan. 1Password also scans your accounts and lets you know which systems support 2FA and takes you to the link to enable it. I like that proactive approach to security.
If you have a 1Password account, it gives the additional option of setting up an emergency contact. That way, other family members can get to my stuff if I’m unavailable. With 1Password’s Travel Mode, my 2FAs and different passwords are protected when I cross the border.
Adding 2FA Codes to 1Password
After you follow 1Password’s link to enable 2FA on a site, that site will typically present you with a QR Code. If 1Password doesn’t know 2FA is available on the site, you’ll need some additional work. Go to Edit and then the Section area and select One-Time Password. After that, click the QR Code icon. That will present the 1Password Code Scanner.
Align the crosshairs with the QR Code, and you’re done. 1Password will generate the timed code, so all you need to do is click save. Most sites will ask you to type a code to verify it’s set up correctly.
How to Use Your Timed Code with 1Password
Depending on how you log in to a site, 1Password will autofill your credentials. The bonus with a 2FA site is 1Password copies the code to our clipboard automatically.
If you’re using the Apple Watch, the code appears on the watch, too. That feature is handy when you’re on a plane, and you’re juggling devices.
![Apple Watch Series 8 [GPS 41mm] Smart Watch w/Midnight...](https://m.media-amazon.com/images/I/317o8cxuiAL._SL160_.jpg)
Amazon.com Price updated on 2024-05-10 - We may earn a commission for purchases using our links: more info
Enable 2FA Before The Next Security Breach!
With security breaches so common, the sooner you enable two-factor, the sooner you’re secure. Passwords aren’t enough to protect your important and sensitive data.
2 Comments
Leave a Reply
Leave a Reply
esteban
April 5, 2021 at 6:41 pm
The type of websites that need to use 2fa, such as the ones that handle or hold your money refuse to use 2fa, except ocassionally sim swappable sms 2fa. On the rare occasion when I see one of them use software tokens its proprietary one. Which I guess means I not only have to use that specific one, it will guaranteed be a phone app when I really want to mess with money on a pc where I can actually see what i’m doing. Guess i’m out of luck till we get options. I’d prefer FIDO 2fa at online banks and credit unions, but they don’t really give a hades. they really really don’t.
Ian Morris Nieves
September 21, 2021 at 4:05 am
Authy has allowed input via QR code for a long time. At the moment, this is the default method of inputting the key to setup 2FA on Authy.