Two-factor authentication is an extra layer of protection for your 1Password account. With two-factor authentication, a six-digit authentication code will be required to sign in to your account on a new device, in addition to your 1Password account password and Secret Key. Your YubiKey can provide the authentication codes.
Learn more about authentication and encryption in the 1Password security model.
Set up two-factor authentication
Before you can use your YubiKey as an authenticator to sign in to your 1Password account, you’ll need to install the Yubico Authenticator app. Then follow these steps:
Sign in to your account on 1Password.com.
Click your name in the top right and choose My Profile.
Click More Actions > Manage Two-Factor Authentication.
Click Enable Two-Factor Authentication. You’ll see a 16-character two-factor authentication secret.
Insert your YubiKey into the USB port on your computer.
Open Yubico Authenticator and choose File > New Credential.
Enter your account credentials and click Save credential:
- Issuer: Enter “1Password”.
- Account name: The email address you use with your 1Password account.
- Secret key:* The 16-character two-factor authentication secret.
To hide the six-digit authentication codes until you touch the sensor on your YubiKey, turn on Require touch.
On 1Password.com, click Next, then enter the six-digit authentication code.
Your 1Password account is now protected by two-factor authentication. To continue using your account on other devices or to sign in to it on a new device, you’ll need to enter a six-digit authentication code from Yubico Authenticator.
* The secret key is not the Secret Key for your 1Password account.
Tip
After you turn on two-factor authentication, you can also use your YubiKey as a U2F-compatible second factor, so you won’t need to ender a six-digit authentication code in supported browsers.
View and manage trusted devices
To view your trusted devices, sign in to your account on 1Password.com. Then click your name in the top right and choose My Profile.
To manage an trusted device, click next to it. You’ll find these options:
- Deauthorize Device: Your account will be removed from the device.
- Require Authentication Code: Your account will remain on the device, but changes you make on other devices will not appear on that device until you reauthorize using a six-digit authentication code.
Get help
Using your YubiKey as an authenticator to sign in to your 1Password account requires:
- a 1Password membership
- a YubiKey 5 Series, YubiKey 4 Series, YubiKey NEO, or YubiKey FIPS Series. Compare YubiKeys.
Yubico Authenticator requires Mac, Windows, Android, or Linux. To sign in to your 1Password account on an iOS device, use a different authenticator app.
If you lose access to your YubiKey
If you lose access to your YubiKey, you won’t be able to sign in to 1Password on new devices until you turn off two-factor authentication. To turn off two-factor authentication:
- Sign in to your account on 1Password.com in an authorized browser.
If you don’t have access to an authorized browser, ask someone to recover your account.
- Click your name in the top right and choose My Profile.
- Click More Actions > Turn Off Two-Factor Authentication.
If your team uses Duo
If your team uses Duo, you won’t see the option to turn on two-factor authentication because Duo is already providing multi-factor authentication for everyone on your team.
If 1Password isn’t accepting your authentication codes
Make sure the date and time are set correctly on Mac , Windows , and Android .