I am taking on the tedious task of cleaning up my saved passwords and making my account logins more secure. I have hundreds of old passwords that 1Password’s Watchtower has indicated are weak, reused, or associated with unsecured websites.

Additionally, I have some passwords on websites that have been compromised (according the haveibeenpwned.com database) and a bunch more on those where two-factor authentication is available but I haven’t set it up.

If you use 1Password, I recommend upgrading to version 8 for access to the same experience. Let me know if you want help getting set up with this great password manager.

Refresher on Two-Factor Authentication

wrote about two-factor authentication (2FA) in May 2020. This feature adds a layer of security to account logins by combining something you know (your password) with something you have (a verification code).

At the time, I discussed getting codes via a device, text message, or authentication app. The ability to use 1Password as that app or device, though, was unknown territory for me.

I recently learned about this functionality and have implemented it for myself. I find logins way easier to accomplish using 1Password alone than by referencing a text message or picking up a second device.

Turn On Two-Factor Authentication

On a given website where you log into an account, you may find in your account settings the ability to enable two-factor authentication (2FA), two-step verification, or a similarly named security feature.

You’ll probably navigate to this in your profile, often via a link in the top right corner of the website. Look for “Settings” and then “Security,” “Advanced,” etc.

Scan a QR Code

When enabling 2FA, I recommend choosing Authenticator App as the method. (You may have to first verify via text message.)

The next step will be to scan a QR code or enter a one-time password. In your 1Password entry for this account, there might be a banner inviting you to do so. (Note: 1Password requires Screen Recording permission to see the QR code on the screen and convert it to the password it represents. Enabling this will require quitting and reopening 1Password.)

Otherwise, edit the entry, add a One-Time Password, and click the QR code icon. Or, click the 1Password extension in your browser, click the ︙, and choose Scan QR Code.

As a last resort, if you’re unable to capture a QR code, the website should provide the one-time password in text and you can copy that into the 1Password entry.

Enter Verification Code

However you manage to capture the one-time password, when you save your 1Password entry, you’ll see a 6-digit verification code that changes every 30 seconds.

At this point, 1Password should be able to autofill the code in the field on the website. If not, you can copy the code and paste it there manually. This completes the process of setting up 2FA for this account.

1Password Autofills the Code

When you subsequently log into this account, you’ll enter your username and password as usual (or have them autofilled by 1Password). Then, on the next screen, it will also fill the 2FA verification code (also called “one-time password” or OTP).

1Password also provides thorough documentation about this process on its website. And if even that isn’t detailed enough or you need a helping hand, you can always reach out to me for guidance.

Take the opportunity to ensure no random website breach leads to spam, phishing, or fraud related to your online accounts.