What 1Password offers is greater convenience. Since 1Password already runs securely on Mac and iOS devices, you can have access to your 2FA codes on any of your Mac and iOS devices without having to mess around with Bluetooth (which means that it will work on any Mac, even ones without Bluetooth 4.0). Microsoft’s mobile Authenticator app now works as a password manager. It can autofill passwords on iOS or Android, and passwords will even sync to Google Chrome.
Get an authenticator app. Although 1Password can be used to store one-time passwords for other. If you'd prefer to use a different (totally offline) authenticator app like Google Authenticator, just save somewhere safe the long secret string or scannable QR code you receive when setting up 2FA on your 1Password account. Either can be used with any standard authenticator app in. In addition to being a password manager, 1Password can act as an authentication app like Google Authenticator, and for added security, it creates a secret key to the encryption key it uses.
-->Important
This content is intended for users. If you're an administrator, you can find more information about how to set up and manage your Azure Active Directory (Azure AD) environment in the administrative documentation for Azure Active Directory.
If you're having issues signing in to your account, see When you can't sign in to your Microsoft account for help. Also, you can get more info about what to do when you receive the “That Microsoft account doesn't exist” message when you try to sign in to your Microsoft account.
The Microsoft Authenticator app helps you sign in to your accounts if you use two-factor verification. Two-factor verification helps you to use your accounts more securely because passwords can be forgotten, stolen, or compromised. Two-factor verification uses a second factor like your phone to make it harder for other people to break in to your account. You can use the Microsoft Authenticator app in multiple ways, including:
Two-factor verification. The standard verification method, where one of the factors is your password. After you sign in using your username and password, you can either approve a notification or enter a provided verification code.
Phone sign-in. A version of two-factor verification that lets you sign in without requiring a password, using your username and your mobile device with your fingerprint, face, or PIN.
Code generation. As a code generator for any other accounts that support authenticator apps.
Authenticator works with any account that uses two-factor verification and supports the time-based one-time password (TOTP) standards.
Your organization might require you to use the Authenticator app to sign in and access your organization's data and documents. Even if your user name appears in the app, the account isn't set up as a verification method until you complete the registration. For more information, see Add your work or school account.
Download and install the app
Install the latest version of the Microsoft Authenticator app, based on your operating system:
Google Android. On your Android device, go to Google Play to download and install the Microsoft Authenticator app.
Apple iOS. On your Apple iOS device, go to the App Store to download and install the Microsoft Authenticator app.
Important
If you're not currently on your mobile device, you can still get the Microsoft Authenticator app by sending yourself a download link from the Microsoft Authenticator page.
1password Mfa
Next steps
After you download and install the app, check out the Authenticator app overview to learn more. For more setup options, see:
Authenticator app. Download and use an authenticator app to get either an approval notification or a randomly generated approval code for two-step verification or password reset. For step-by-step instructions about how to set up and use the Microsoft Authenticator app, see Set up security info to use an authenticator app.
Mobile device text. Enter your mobile device number and get a text a code you'll use for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a text message (SMS), see Set up security info to use text messaging (SMS).
Mobile device or work phone call. Enter your mobile device number and get a phone call for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a phone number, see Set up security info to use phone calls.
Security key. Register your Microsoft-compatible security key and use it along with a PIN for two-step verification or password reset. For step-by-step instructions about how to verify your identity with a security key, see Set up security info to use a security key.
Email address. Enter your work or school email address to get an email for password reset. This option isn't available for two-step verification. For step-by-step instructions about how to set up your email, see Set up security info to use email.
Security questions. Answer some security questions created by your administrator for your organization. This option is only available for password reset and not for two-step verification. For step-by-step instructions about how to set up your security questions, see the Set up security info to use security questions article.
In addition to your password, login.gov requires that you set up at least one secondary authentication method to keep your account secure. This is two-factor authentication (2FA). We use 2FA as an added layer of protection to secure your information.
Secondary authentication
We encourage you to add two methods for authentication to your account. If you lose access to your primary authentication method (i.e. losing your phone), you’ll have a second option to use to get access to your account. Login.gov is unable to grant you access to your account if you get locked out and/or lose your authentication method.
Security
Although you can choose from several authentication options, some authentication methods such as Security Keys, PIV/CAC cards and authentication applications are more secure against phishing and theft.
Authentication application
Authentication applications are downloaded to your device and generate secure, six-digit codes you use to sign in to your accounts. While authentication applications are not protected if your device is lost or stolen, this method offers more security than phone calls or text messaging against phishing, hacking, or interception.
If you choose this secure option, follow these steps to download and install one of the supported applications and configure it to work with login.gov.
- Choose a device, such as a computer or mobile device (phone or tablet), on which you can install apps.
- Download and install an authentication app to your device. Some popular options include:
- Android options: Google Authenticator, Authy, LastPass, 1Password.
- iOS options: Google Authenticator, Authy, LastPass, 1Password.
- Windows apps: 1Password, OTP Manager.
- Mac apps: 1Password, OTP Manager.
- Chrome extensions: Authenticator.
- Open a new browser and sign in to your login.gov account at https://secure.login.gov/.
- Select “Enable” next to “Authentication app” and follow the instructions to scan or enter a code associating your authentication app with your account.
You will now be able to use the one-time passcodes generated by the application each time you sign in to login.gov.
Security key
A security key is typically an external physical device, like a USB, that you plug into your computer. The key is linked to your accounts and will only grant access to those accounts once the key is plugged in and activated. Since a security key does not rely on your cell phone, it has the highest level of protection against phishing and built-in protections against hacking if it is lost or stolen.
Login.gov requires security keys that meet the FIDO (Fast Identity Online) standards. You can add as many security keys as you want to secure your account.
To use this secure option for login.gov authentication, plug the key into a USB port and assign the key a name to identify it with your login.gov account. The next step will ask you to activate your key. This is generally done by pressing a button on the key itself.
PIV or CAC for federal government employees and military
Physical PIV (personal identity verification) cards or CACs (common access cards) are secure options for federal government employees and military personnel. These cards, with encrypted chip technology, are resistant to phishing and difficult to hack if stolen.
Text message / Phone call
Text messages/SMS or phone calls are convenient but are extremely vulnerable to theft, hackers, and other attacks.
If you choose to use this less secure option, enter a phone number at which you can receive phone calls or text messages. If you only have a landline, you must receive your security code by phone call. Login.gov cannot send security codes to extensions or voicemails.
We will send a unique security code to that phone number each time you sign in to your login.gov account. Each security code expires after ten minutes and can only be used once. If you don’t enter the security code within ten minutes, request a new code.
After you receive the code, type it into the “one-time security code” field. Each time you sign in to login.gov you’ll have the option of getting a new security code by phone call or by text. You will receive a new security code each time you sign in to your login.gov account.
Backup codes (less secure)
1password Authenticator App Android
Backup codes are an accessible option for users who do not have access to a phone. However, backup codes are the least secure option for two-factor authentication. Backup codes must be printed or written down which makes them more vulnerable to theft and phishing.
If you select this less secure option, login.gov will generate a set of ten codes. After you sign in with your username and password, you will be prompted for a code. Each code may be used only once. When the tenth code has been used you will be prompted to download a new list. Treat your recovery codes with the same level of care as you would your password.
No phone or other authentication method
If you do not have access to a phone, authentication application, security key, or any other authentication option, you can set up your account with only backup codes.
Warning: Setting up your account with backup codes as your only authentication method is not recommended. If you ever lose your backup codes, you will not be able to sign in to your account.
When you create your account, you will reach the “Secure your account” page. This is where you must choose your primary authentication method. If you do not have access to any of the other options, select “Backup codes” and click “Continue.”
On the “Add another method” page, select “I don’t have any of the above” and click “Continue.”
Back to top