Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Some accounts will require access from multiple users, potentially in different locations and without access to a physical security key or SMS verification code. In this case, we can still secure the account with MFA, add it to 1Password, and then configure 1Password to act as the MFA point.

Info

WARNING: Do NOT do this with highly privileged/ultra-sensitive accounts. As we saw with LastPass, there is no 100% secure solution for storing credentials and MFA is the last line of defense against a full compromise should malicious actors gain access to our 1Password vault.

\uD83D\uDCD8 Instructions

...

  1. Create a new password entry for the account in 1Password if needed.

  2. Search 2fa.directory for the account service’s website.

  3. Click the blue book icon.

  4. Follow the instructions on the service provider’s website for their MFA setup instructions.

  5. When you reach the point of scanning a QR code, choose whichever option is presented to convert the QR information into code.

  6. Copy the text from the red box above and flip back to 1Password

  7. Locate the account and click the sideways ellipsis icon at the top right, then choose “Edit”

  8. In the Labels section of the page that opens for the account, click the ellipsis icon and choose “One-Time Password” from the dropdown.

  9. Paste the code from Steps 5 and 6 above into the notes box as shown.

    Image RemovedImage Added
  10. The code will convert to a standard 6 digit timed one-time password field after saving. This can then be used to authenticate as needed and can also be auto-filled along with the rest of the login information if you’ve set up the 1Password entry that way.

  11. Ensure any required users can access the account entry in 1Password and never deal with sticky MFA situations again! Note that this may require additional setup/licensing etc. depending on the department.

...