k b wrote: ↑Tue Jan 19, 2021 9:42 pm
Gadget wrote: ↑Mon Jan 18, 2021 6:02 pm
k b wrote: ↑Mon Jan 18, 2021 4:18 pm
Thanks for your inputs. I decided to go for 1Password (one person plan) after reading through a bunch of stuff, including the Wirecutter article posted here.
I have a follow-up Q
1Password provides 2FA, which links to your cellphone. My Q is whether I can link my account to TWO DIFFERENT cellphones? Once again, this is not to get family plan benefits but for an emergency - in case I am not available to log in and another family member wishes to.
The direct answer is yes. You just need to use something like Authy or MS Authenticator that is cloud based 2FA and can be logged into from multiple devices. You can technically do this with a device based 2FA like Google Authenticator, but you would have to copy the QR code onto multiple devices at the initial setup time to accomplish that. It's much easier with Authy.
However, my counter argument is, are you sure you even need 2FA on your 1Password account? Do you understand how the secret key works? It is basically a 2nd factor just like 2FA. It's something only you should have with you. Since 1Password needs your secret key to log in to any new device, I think it is effectively just as good as setting up 2FA on your 1Password account. You just need to ensure that you protect your secret key, either by encrypting it or saving it on something that can only be accessed with 2FA, or is only printed physically somewhere. Clear as mud?
Getting there, but it's going to take time
I asked about 2FA because somewhere within my profile 1Password actually revealed my PW to me! Even Hotmail or Yahoo Mail don't do that!!
But then - the secret key is not asked for when I log in? So, how is it 2FA?
Log in from a new device. It will definitely ask you for your secret key. It's caching your secret key on a device you've already set up, just like financial sites sometimes cache that you've successfully entered 2FA codes on a website and won't make you enter 2FA again for a while.
I'm trying to figure out where you saw 1Password showing you your master password. Are you using the desktop local client instead of the web version or Chrome extension? On the web version or Chrome extension, I can't find where it shows me my master password anywhere. I do agree that doesn't seem right.
There are technical differences between 2FA and a secret key. There are some pluses and minuses with regard to security and ease of use. Personally, I feel like the secret key is just as good if not better than 2FA using Authy or Google Authenticator. But I suppose that's for each person to figure out on their own. There is no harm in also adding 2FA to a 1Password account, it's just an extra annoyance.
Here's what 1Password said:
Security professionals recommend using multiple authentication factors: “something you know”, like your password, and “something you have”, like an authenticator app on your phone.
The Secret Key takes this idea to the next level. It doesn’t just authenticate you with our servers; it also plays a direct role in encrypting your data. That’s important, because it strengthens your Master Password exponentially. And since it never gets sent to us, your Secret Key can’t be reset, intercepted, or evaded.
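On the point made earlier in this thread about copying the QR code onto multiple devices, here is an added example (not part of the original posts and not 1Password's code) of the standard TOTP algorithm from RFC 6238: the QR code carries one shared secret, so every device that scanned it computes the same code, and every copy of it needs the same protection. The enrollment URI, account name and issuer are constructed sample values built on the RFC's published test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Constructed enrollment URI, i.e. what an authenticator QR code encodes.
# The secret is the RFC 6238 test key in Base32, not a real account.
SAMPLE_URI = (
    "otpauth://totp/Example:user@example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example"
)


def secret_from_uri(uri):
    """Decode the Base32 shared secret carried in an otpauth:// URI."""
    b32 = parse_qs(urlparse(uri).query)["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)  # authenticator URIs usually omit padding
    return base64.b32decode(b32)


def totp(secret, unix_time, digits=6, period=30):
    """RFC 6238 code: HMAC-SHA1 over the time-step counter, then truncate."""
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, submitted, unix_time, window=1, period=30):
    """Server-side check that tolerates +/- `window` steps of clock drift."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + step * period), submitted)
        for step in range(-window, window + 1)
    )


if __name__ == "__main__":
    # Two phones that scanned the same QR code hold the same secret.
    phone_a = secret_from_uri(SAMPLE_URI)
    phone_b = secret_from_uri(SAMPLE_URI)
    now = 59  # fixed timestamp so the output is reproducible
    print("phone A:", totp(phone_a, now))
    print("phone B:", totp(phone_b, now))
    print("accepted with 30 s drift:", verify(phone_a, totp(phone_b, now), now + 30))
```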