Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Emergency kit and 2FA
Hello Community, I hope, my question is a simple one. Unfortunately, I was not able to answer it with the help sites or by searching older post here. How do 2FA and the emergency kit work together,...
In Get to know your Emergency Kit, along with other advice which pertains to this situation, it says,
If you turn on two-factor authentication for your 1Password account, also write down the 16-character secret next to the QR code in case you lose access to your authenticator app.
Depending on the technical skills of your family, they will be able to access your account with the password, secret key and TOTP key, but you might consider other methods to safely share secrets with them and not rely on them being able to access your personal account in the likely stressful and urgent situation. One obvious method is to use 1Password Families.
This chain of messages has been helpful but I am still unsure about something quoted just above from the "Get to know your Emergency Kit' page - what is meant by "the 16-character secret'? The secret key and the recovery codes are both longer than 16-characters whereas the TOTP (authenticator) code is only six characters, so?
what is meant by "the 16-character secret'?
The six digit code is generated using the standards-based Time-based One-Time Password (TOTP) algorithm uses two inputs: the current time and a secret key. You see the secret key when you first set up the TOTP for a site or service in the form of the QR code and/or a sixteen character alphanumeric string.
This secret key is stored in 1Password or whatever authenticator you use for TOTP. You can see it if you try to edit the field, revealing the URL with a `secret=` parameter, e.g. for this website mine is
otpauth://totp/A.J.Caines%2B1Password%40halplant.com?secret=A0J9RBNS3FJ1NYUK&issuer=1Password&algorithm=SHA1&digits=6&period=30
where A0J9RBNS3FJ1NYUK is the secret key. This is all you need to add a TOTP to another authenticator.
You only need to save the TOTP secret key for 1Password if you only use the 1Password client as your authenticator for your 1Password account, in order to avoid securing your account from yourself.
