1password 2fa Authenticator

Posted on by



  1. 1password Authenticator
  2. 1password Add 2fa
  3. Download 2fa Authenticator

Two-factor authentication provides an extra layer of protection for your 1Password account. If you have a U2F-compatible security key, you can use it as a se. Thanks for the explanation on 2FA terms - yeah, TOTP is the one I'm thinking of. I believe with Google Authenticator, there’s no way to reveal that secret? So if you wanted to have your 2FA saved in both Google Authenticator and 1Password, you’d need to re-setup 2FA.

Get help when you lose your device. Find out how 1Password protects your information and what you should do.

Your 1Password data is safe

The secrets you keep in 1Password are safe from thieves and prying eyes, even if you lose a device.

Your 1Password data is encrypted with your Master Password. As long as you have a strong Master Password, someone who has access to your device won’t be able to view your passwords, credit cards, or anything stored in 1Password.

Any information about your passwords is also encrypted. An intruder won’t be able to see, for example, that you have an account for a specific hotel website, and figure out where you stay when you travel. Everything about the items in your vaults is hidden.

Authenticator

If you use a 1Password account, you have even more protection if your device is lost or stolen. You can deauthorize the device and regenerate your Secret Key, preventing anyone from using it to access your account. An intruder won’t be able to sign in to your account from other devices unless they also have your new Secret Key.

Don’t change your Master Password

You don’t need to change your Master Password if you lose a device, unless you have specific reason to believe that someone else knows it.

Your Master Password is never stored on your device. It cannot be compromised or discovered by someone who has access to your device, even if you use Touch ID or Apple Watch on your Mac, Touch ID or Face ID on your iOS device, or Biometric Unlock in 1Password for Android.

Change passwords for your other accounts

Although your 1Password data is secure and private, other apps or services may not have been designed to safeguard your data in the same way. If you use other accounts on your lost device, you should change the passwords for those accounts. 1Password makes this easy.

Learn how to change passwords with 1Password.

Access your data on other devices

If you have a 1Password account, your data is automatically backed up and available online. Losing a device won’t affect that data, which means you never have to worry if your device is lost, stolen, or otherwise unusable. To access your data, install 1Password on another device and sign in to your account.

Your data is also available on other devices if you sync 1Password with iCloud, Dropbox, or the WLAN server. To see your data on any other devices you own, install 1Password on them.

Find your lost device or erase it

Apple and Google offer tools to find lost devices or erase information from them:

  • Learn how to find your iPhone or iPad
  • Learn how to find your Android device
1password

If you use a 1Password account

If you use a 1Password account, deauthorize the lost device and regenerate your Secret Key. Sign in to your account on 1Password.com to get started.

Regenerate your Secret Key

  1. Click your name in the top right and choose My Profile.
  2. Click Regenerate Secret Key.
  3. Enter your Master Password, then click Regenerate Secret Key.
  4. Download your new Emergency Kit, and store it safely.

1Password will ask for your new Secret Key and your Master Password on each device you’re signed in to.

Deauthorize the lost device

  1. Click your name in the top right and choose My Profile.
  2. Scroll down and clicknext to your lost or stolen device, then choose Deauthorize Device.

If you sync 1Password with Dropbox

If you sync 1Password with Dropbox, unlink your lost device and remove 1Password as a connected app:

  1. Sign in to your account on Dropbox.com.
  2. Click your picture in the top right, and choose Settings.
  3. Click Security.
  4. Scroll down to Devices, clicknext to your lost device, then click Unlink.
  5. Click “Connected apps”.
  6. Scroll down to “Linked apps”, clicknext to 1Password, then click Uninstall.

    If you see multiple copies of 1Password, uninstall all of them and set up 1Password to sync with Dropbox again on each of your mobile devices.

The device you unlinked won’t be able to sync any changes you make in 1Password on your other devices.

PayPal has now added 2FA, so this info is no longer needed. Kept for posterity.

Two-factor authentication today is a must to keep your online accounts safe. You certainly want to keep your PayPal account safe. Using SMS to add an extra authentication is a hassle and could cost you money as well. PayPal, in their infinite stupidity, has chosen not to use the regular 2FA two-factor authentication used by most of the online sites. Instead, they decided to go with Symantec/VeriSign’s design, where you need a proprietary iOS, Android app, or a dedicated hardware key. This method makes it very hard to get it to work with the worlds best password manager software, 1Password. However, with some elbow grease, there is a way of getting it to work. Here’s how.

Software Installation

First, we need to install some software. I’m using a Macintosh, and these instructions should work under Linux.

First, you need to install the Xcode command line software. Just open the Terminal application that you can find in the /Applications/Utilities folder.
Start it and enter:

This command installs the necessary tools for the rest of the installation.

Now, let’s install the actual tool that creates the key.

Enter the following into the terminal application:

I had to replace pip3 with pip on my installation, but I have many changes in my Python setup, so that may be the reason why pip3 didn’t work on my Mac.

You need to install a software called HomeBrew.
Just enter the following in the Terminal window and press return:

Now we can use Brew to install the rest of the software needed.
Just type the following into Terminal and press enter:

That’s all the software you need. Now let’s continue.

Creating Two-Factor Authentication Key

Let’s continue in the Terminal application. We first need to create a key. This key will be used to generate all the six-digit authentications later.

Enter this into Terminal and press return:

This will create a unique key and store it in a hidden folder in your home directory.

The output from the command should look something like this.

Generating request…
Fetching provisioning response…
Getting token from response…
Decrypting token…
Checking token…
Credential created successfully:
otpauth://totp/VIP%20Access:VSSTXXXXXXXX?digits=6&secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&period=30&algorithm=SHA1&issuer=Symantec
This credential expires on this date: 2022-02-12T02:26:33.767Z

You will need the ID to register this credential: VSSTXXXXXX

You can use oathtool to generate the same OTP codes
as would be produced by the official VIP Access apps:

oathtool -d6 -b –totp XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX # 6-digit code
oathtool -d6 -b –totp -v XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX # … with extra information

Your information is going to look different. The X:ed out in the above output is my key, so I’ve obscured it with X:es. You are going to need this information later to create the key required for PayPal. It’s a good thing to save this output, so copy the text from the Terminal application and paste it into the “Notes” field of your PayPal password inside 1Password.

PayPal Settings

Now it’s time to log in to PayPal and do some changes.

You need to login to your PayPal account. Go to your account setting, and click on “My Settings”. Click on “Update” under the section “Security key”.

1password Authenticator

Click on “Activate a new security key token.” See picture below.

In the field “Serial number”, enter the key from the output in the Terminal application called “You will need the ID to register this credential:”

1password

It starts with VSST and has six digits after it. Copy it complete with VSST and the six following numbers. Paste it into PayPal’s field “Serial number”

In step 2 on PayPal’s setting, you should input a 6-digit code, but you need to create one first. Copy the command you got from the Terminal output when creating your key. It should look something like this:

oathtool -d6 -b –totp XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX # 6-digit code

Paste it into the Terminal application and press return.

This will display a six-digit code. Just copy the generated code from your Terminal window into the first 6-digit field.

Now go back to the Terminal application, and repeat the command. The easiest way is to just press the up-arrow on your keyboard, which should fill in the command you just entered automatically. Press return. If the six-digit key is the same, just keep repeating the command until you get a new unique key. Copy that key and paste it into the field “Next 6-digit key” on the PayPal web page.

Now press activate on the PayPal page and if everything worked out, you should now have a security key completed in PayPal.

Let’s move on to 1Password and make it automatically generate the two-factor authentication for your PayPal password.

1Password Two-Factor Authentication For PayPal

Open the 1Password application. Search for your PayPal password in the search field. Select the PayPal password and press the “Edit” button in the lower right side of the 1Password window.

Now press the circle with three dots inside to add a new field. Select “One-time password” as the field type.

You now have a One-Time Password field, but you need to add the secret key into this field. Copy the information Credential created successfully: you got earlier when we created the key in the Terminal application. It should look something like this: otpauth://totp/VIP%20Access:VSSTXXXXXXXX?digits=6&secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&period=30&algorithm=SHA1&issuer=Symantec

Now all you have to do is to paste the entire line into the “One-Time Password” field inside 1Password.

Press save in 1Password in the lower right side of the window.

Let’s try it out!

If you added the field described above, as a result, you should now have an indicator showing a timer and a six-digit generated key on one of the lines of information in 1Password for your PayPal password.

If you’ve have done all of the above and everything worked, you are now ready to try it out. Log out of PayPal, and try to log in again using 1Password. It should automatically fill out the password and then copy the generated six-digit key into the clipboard. Paste the six-digit key into the field when PayPal ask for it. You should now be logged in.

1password Add 2fa

Conclusion

Download 2fa Authenticator

If you think that this was a lot of stuff to do just to get better security in PayPal, you’re absolutely right. Send an email to PayPal and ventilate your anger. If they just used normal 2FA-encryption you wouldn’t need all this work. But if you managed to get through all this, give yourself a pat on the back. You just made your PayPal much safer and also gives you a more convininent way of logging in with two-factor authentication.