I'm really liking the OTP feature in 1Password... I didn't grasp that it could totally replace my other authenticators... but I'm looking at my 1Password credential itself, and I'm wondering if it's a good idea to migrate that to 1Password. There seems to be a potential for a "Catch-22" circular dependency whereby "I can't get into 1Password to get my OTP therefore I can't can't get into 1Password to get my OTP can't get into 1Password to get my OTP can't get into 1Password to get my OTP can't get into 1Password to get my OTP "... etc. Any thoughts? 1Password Version: 8.9.14 Extension Version: Not Provided OS Version: Windows 10 Browser:_ Firefox Referrer: forum-search:https://1password.community/search?Search=one%20time%20password%20otp

@Peter_Wang I store all of my OTP keys in 1Password and use 1Password for autofill the codes. This makes the mfa codes available on my desktop PC without me requiring to look on my smartphone. However, I also store some of my OTP keys in Microsoft Authenticator - the ones I need to access my vital services, such as 1Password itself. This way I don't get any circular dependency. I need Microsoft Authenticator anyway for my Microsoft account and its push authentication. If you don't like Microsoft Authenticator, consider Google Authenticator. That one is completely independent from any online service and a standalone app. In case you don't know how to duplicate the OTP keys: you can always scan the QR codes as often as you want. When you sign up for mfa on some service, scan the QR code with 1Password and at the same time with the authenticator app.

I just ran into a possible circular dependency myself. I added another account to the 1Password Android app, and at the end it asked "please enter OTP". I added it from Authy, but I can see problems if all OTPs were on 1Password then if 1Password were to start interrogating me to get the OTPs from 1Password; you can't look pass or through the window demanding the OTP. I have Google Auth, thanks, it's fine. Authy I use for work stuff.

oooohhh... Google Authenticator is not backed up to the Google Cloud. Not nice!

Hello @Peter_Wang, Thanks for your message and questions about using 1Password to store the OTP for your 1Password account. Former Member is correct (thanks as always 😀), you shouldn't store your account's OTP in 1Password itself. As mentioned in the guide below, this would be akin to storing the key to your safe in the safe. Our guide, Turn on two-factor authentication for your 1Password account, includes more details. If you have any question about using 1Password as an authenticator for sites with two-factor authentication, this guide is great place to start. We'll be hear to help if you have any other questions or concerns. Have a great day!

Mike, it would great if the 1Password app would flash up a warning message should you try to add OTP keys to the app for a 1Password account: "Don't store your 1Password One Time Password in 1Password, you could get locked out!" To me, the greatest risk is that I break or lose my phone. They I guess I'm back to using just the username, password, and Secret Key to get back in? Can I keep another seperate TOTP authenticator on my laptop, will my 1Password account use more than one TOTP code? (codes not the same at any point in time). If I'm traveling, my laptop will be cabled up or in the room safe. If I lose the phone, I'm OK. If I lose the laptop to theft or breakage, I most probably did not also lose the phone at the same moment in time. I always think in layers of security.

Should I use 1Password to manage the OTP for 1Password?

13 Replies

Former Member
3 years ago
oooohhh... Google Authenticator is not backed up to the Google Cloud. Not nice!
Former Member
3 years ago
I just ran into a possible circular dependency myself. I added another account to the 1Password Android app, and at the end it asked "please enter OTP". I added it from Authy, but I can see problems if all OTPs were on 1Password then if 1Password were to start interrogating me to get the OTPs from 1Password; you can't look pass or through the window demanding the OTP. I have Google Auth, thanks, it's fine. Authy I use for work stuff.
Former Member
3 years ago
@Peter_Wang
I store all of my OTP keys in 1Password and use 1Password for autofill the codes. This makes the mfa codes available on my desktop PC without me requiring to look on my smartphone.
However, I also store some of my OTP keys in Microsoft Authenticator - the ones I need to access my vital services, such as 1Password itself. This way I don't get any circular dependency. I need Microsoft Authenticator anyway for my Microsoft account and its push authentication.

If you don't like Microsoft Authenticator, consider Google Authenticator. That one is completely independent from any online service and a standalone app.

In case you don't know how to duplicate the OTP keys: you can always scan the QR codes as often as you want. When you sign up for mfa on some service, scan the QR code with 1Password and at the same time with the authenticator app.

Forum Discussion

Should I use 1Password to manage the OTP for 1Password?

13 Replies

Featured discussions

November at 1Password: the Access-Trust gap, planning your estate, and an updated unlock experience

Recent discussions

Native Password AutoFill Extension macOS

Unable to update 1pw on Win 11 since 1st install: have to do full reinstall every time

Autofill Login Doesn't work

How To Remove Duplicates in v8.11.20

Autofill failing on site with non-standard fields ("Barcode" and "PIN") in Edge