Authenticator App

I failed to answer part of your question and that may help solve what happened. You asked if I had already logged into any of those devices. It could be possible that I was currently logged into one Windows 10 system while I turned on Two-Factor Authentication on the second one. One of them is a Host PC. The other is a VMware Workstation Windows 10 VM. The Host did not have Two-Factor Authentication active, but the guest did.

EDIT* The Guest is where I started the process to activate it.

I thought I did a screen capture of it but can't currently find it. It was definitely asking for a 6-digit pin from my Authenticator app. Here is a screen pic of what I received in email after I was able to turn it off.

jeffer23 Had you already logged in to 1Password on any of those devices?

Are you sure it was asking for a 6 digit passcode from an authenticator app? Or was it asking for a Windows Hello PIN?

I have three Windows 10 operating systems and an android phone. All of them were active with 1Password when I attempted Two-Factor Authentication. Two of the Windows 10 operating systems required a pin that I couldn't provide. One didn't require a pin. I did not try to access my account on the phone. Why did the one WIN 10 operating system not require a pin?

jeffer23 Two factor authentication is an account-wide setting. If it is enabled in your 1password.com account then you will need to enter a 6 digit passcode on any new device or browser. It is a means of authorizing a new device to receive a copy of your 1Password database, so it wouldn't make sense to only require it on particular devices.

I got two factor authentication disabled. What I don't understand is that I only remember trying to setup Two Factor Authentication in one browser. But it was active on two of my operating systems. Luckily it wasn't active on one system. I guess I need to look at the options in the software better in the future.

I tried to do too much too quick in doing this but I am racing to make sure I am happy before I get charged for the software. I think rootzero got me what I needed to understand it when I revisit at some point in the future. I'll make sure I have my data mostly stable before I do it.

Thanks for the help.

Hi jeffer23:

rootzero covered everything I would have said (thanks for the assist! 😎). Let me know if you run into any further trouble along the way with your two-factor authentication.

Jack

jeffer23 If you lose one of your logged-in devices you can remove it from your list of authorized devices at 1password.com. You can do this whether or not two factor authentication has been enabled.

Two factor authentication is only required the first time you login to 1Password on a new device. Once you've entered your account password, secret key and two factor authentication passcode, a copy of your 1Password database is downloaded to the device. This is encrypted with your account password and secret key. Two factor authentication doesn't play any part in the encryption. So it doesn't help to secure your 1Password data on a device where you've logged-in previously.

Two factor authentication protects from the case where an attacker has your account password and secret key, but doesn't yet have a copy of your database. If an attacker has a device with a copy of your database then the main protection is provided by your device security and your account password.

Thanks for your reply and help. I will reread your post later today when I get opportunity to attempt a solution.

At this moment I really only 100% want two factor authentication for my work computer (laptop). This is a laptop that I do not own. It is also used for occasional travel. If something ever occurred where I lost control of this laptop, it would be good to have peace of mind that the logon can't be done without use of my cell phone in addition to a password.

Right now I think I am overwhelmed with the process of getting all of my data into the configuration. So I probably don't have a proper feeling for long term use of the feature. Once I get most of my passwords and data entered the process will likely be less stressful since I also do programming (on my daily job - with overtime) which combines to cause mind fatigue when adding new stuff I don't know well.

Thanks again for the advice.

jeffer23 You must have used an authenticator app or Apple keychain to scan the QR code and generate the 6 digit passcode required to enable two factor authenticaiton. If you can't find the 6 digit passcode in an authenticator app or Apple keychain then you'll need to disable two factor authentication.

You can disable two factor authentication from any 1Password app where you are logged-in. If you are not logged in to a 1Password app then try logging-in to 1password.com from a browser where you have logged in before. If all that fails then send an email to mailto:support@1password.com from the email address you use for 1Password explaining the problem. They will ask you some security questions and disable two factor authentication for you.

Before enabling again, consider whether you need two factor authentication. The combination of account password and secret key already gives your 1Password account very strong protection. If you decide that you still want to enable it then choose an authenticator app that backs-up your two factor authentication secrets. I wouldn't recommend Google Authenticator because you lose your two factor authentication passcodes if you lose or factory reset your phone.