Two-factor authentication or 2FA is a way of making your logins more secure, by not only requiring a username and password when signing in, but also a special extra code that can either be received as an SMS or else generated by an app or device. I like the Google Authenticator app and have used it for 2FA purposes. If you are using the 1Password software, an even better way to do 2FA is to replace Google Authenticator with 1Password itself. It has the ability to generate one-time passwords for 2FA purposes. If you wish, you can use both apps at the same time and see which one you like best, they will generate the same number so they are interchangeable.
Most of you will already have used 2FA, perhaps without knowing so, when you log in to your internet banking. Most banks give out a 2FA device or card which stores some codes you are required to enter when logging in. This ensures that if someone guesses or cracks your password, they still won’t be able to login unless they are also successful in robbing your physical 2FA device.
I would use 2FA whenever it is possible, but I especially highly suggest using it on websites which contain sensitive information that can be used by a hacker to damage you or steal assets.
Here are a few popular sites to use 2FA on:
- Social media (Instagram, Facebook, Twitter etc)
- Crypto exchanges (Kraken, Coinbase etc)
- Amazon and other e-commerce sites that you use frequently.
- Dropbox and similar platforms storing your files.
- Email accounts (Gmail etc)
For a bigger list check out this site.
Here’s a website that serves as a guide to setting up 2FA on the most popular platforms and websites.
Pro Tip: You can add your 2FA codes to 1Password!
Yep, indeed that should be part of the workflow.
No it shouldn’t, that defeats the purpose of MFA. Anyone who gains access to your 1Password vault now has access to any account within it. You’re back down to one factor.
Emerson We are referring to the app and not the hosted version of 1p here.
Jean what’s the difference? If you keep passwords and TOTP secrets in the app, anyone with access to your app has access to your accounts, ergo the app becomes the single factor. As compared with somebody getting access to Google Authenticator or Duo on your phone. The OTP values aren’t sufficient without your passwords, so another factor remains necessary.
Or from 1Password themselves, https://blog.agilebits.com/2015/01/26/totp-for-1password-users/, search for “Second factor”
Since both 1Password and Authenticator sit on your phone, I don’t see why it’s more secure to use Authenticator. One might argue that most people have 1P on their laptops as well, which is increases the surface of attack, but beyond that, they are pretty equal as I see it, unless I’m missing something.