02-05-2021



  1. Open and unlock 1Password, select the Login item for the website, then click Edit.
  2. Click the item detail menu to the right of a new field and choose One-Time Password.
  3. Click to open the QR code scanner window.
  4. Drag the QR code from the website to the scanner window.

    If you can’t drag the QR code, most sites will give you a string of characters you can copy and paste instead.

  5. Click Save.

What 1Password offers is greater convenience. Since 1Password already runs securely on Mac and iOS devices, you can have access to your 2FA codes on any of your Mac and iOS devices without having to mess around with Bluetooth (which means that it will work on any Mac, even ones without Bluetooth 4.0).

For me, the best thing about 1Password is the browser plugins, so you can log in just by hitting the shortcut ⌘ +. This is so convenient and just works. The second best thing is the ability to have 2FA stored inside my 1Password vault: 1Password 2FA integration.

Do store recovery codes in a safe place, like OneDrive Vault, 2FA-protected OneNote or in a password vault like 1Password. Do register your GitHub account with your 2FA-protected Facebook account for GitHub account recovery. This is the absolute last recovery option and is considered secure (even if your Facebook account is breached).

As mentioned by 1Password in a recent blog post, having the OTP generator and password on the same device is very much not 2FA. It's just an expiring OTP, which can help, but let's not kid ourselves too much. With that out of the way. One of the things that was interesting to me was moving my OTP out of Authy and into 1Password.

On GitHub Enterprise Server, on the 2FA page, type the code and click Enable. After you've saved your recovery codes and enabled 2FA, we recommend you sign out and back in to your account. In case of problems, such as a forgotten password or typo in your email address, you can use recovery codes to access your account and correct the problem.

  1. Open and unlock 1Password, select the Login item for the website, then tap Edit.
  2. Tap “Add new one-time password”.
  3. Tap to scan the QR code from another device.

    If you can’t scan the QR code, most sites will give you a string of characters you can copy and paste instead.

  4. Tap Done.

Tip

To automatically copy one-time passwords to the clipboard after filling a login, tap Settings > Password AutoFill and turn on Auto-Copy One-Time Passwords.

  1. Open and unlock 1Password, select the Login item for the website, then select Edit.
  2. Select to the right of the field (Shift + Enter) and choose One-Time Password.
  3. Click and choose “From my screen” to scan the QR code.

    If you can’t scan the QR code, make sure it’s visible when you minimize 1Password. Alternatively, most sites will give you a string of characters you can copy and paste instead.

  4. Select Save.

  1. Open and unlock 1Password, select the Login item for the website, then tap .
  2. Tap “Add new section”, then tap “Add new field” and choose One-Time Password from the list.
  3. Tap to scan the QR code from another device.

    If you can’t scan the QR code, most sites will give you a string of characters you can copy and paste instead.

  4. Tap Save.

Tip

To automatically copy one-time passwords to the clipboard after filling a login, tap Settings > Filling and turn on “Auto-copy one-time passwords”.

2FA and Password Managers

tl;dr - use 2FA everywhere you can. use a password manager like lastpass/1password etc., too.

The Internet’s a scary place, and we keep most of our cool stuff there. We need to do everything we can to keep the baddies out. That way we can sleep better at night, without the teeth grinding and nail biting and other anxious habits that might emerge worrying that baddies are accessing our stuff.

Google Account

Instructions on enabling 2FA for Google Accounts can be found at:
https://support.google.com/accounts/answer/180744?hl=en

A day or so after your start date, 2FA enforcement is enabled, requiring 2FA in order for you to access your google account.

Trello

This cool company you may have heard of has support for 2FA.

Instructions on enabling 2FA for Trello can be found at:
https://trello.com/2fa

GitHub

Instructions on enabling 2FA for GitHub can be found at:
https://help.github.com/articles/configuring-two-factor-authentication-via-a-totp-mobile-app/

Note: GitHub ain’t messing around. If you lose your 2FA access method, it’s very unlikely that they will reset your account and let you back in. Be sure to print out those backup codes! Seriously. On paper. Don’t store them on your phone.

If you've lost access to your account after enabling two-factor authentication, GitHub can't help you gain access again. Having access to your recovery codes in a secure place, or establishing a secondary mobile phone number for recovery, will get you back into your account.

Slack

Instructions on enabling 2FA for Slack can be found at:
https://slack.zendesk.com/hc/en-us/articles/204509068-Enabling-two-factor-authentication

All the other things

Any company-related service that you have access to which supports 2FA should have it enabled.

All the non-2FA things

For services that do not support some form of 2FA, it’s triply important that you have a strong unique password (12+ characters, non-dictionary, etc.) that’s not shared with any other accounts. In order to comply with this requirement and avoid a life of sticky notes covered with crazy passwords, we are asking everyone to use a Password Manager such as 1Password or KeePass. Please take some time today to set one of these up and add all of your work-related accounts to it (be sure to de-duplicate any passwords that you use in more than one place and take advantage of the strong password generation tools that Password Managers offer to increase the length of any weak ones).

Oh and one OTHER thing - unsolicited password reset requests

If you ever get a password reset request that you don’t know about/didn’t request, let someone on the systems team know. Don’t assume it’s benign, and let us check it out to make sure everything’s OK.

If you have any questions about a specific account or 2FA in general, please reach out to IT.