Use android phone to approve each authentication
Hello,
I'm a new user of 1Password and have tried to find the answer myself but came up a little dry.
What I want to achieve is the following:
I sometimes have to use a shared windows computer (where my vault is installed) and would like the have to authenticate in 1pass every time I want to use credentials from the vault.
Problem is that my 1Pass vault password is rather large and it's an inconvenience to have to manually enter it every time.
I would be great if I could use my phone to approve the use of any password from within my vault on my PC or something like that, so I don't have to enter my master password every time.
Is there a way to achieve this?
If so, what happends if I somehow don't have my phone handy? I would much prefer to enter my master password then. (or maybe a second, backup password?)
Thank you for any help provided.
Regards.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows 10 and Android
Sync Type: Not Provided
Comments
-
Greetings @Saisaijo,
Currently there is no way to use one copy of 1Password on a particular device to unlock 1Password on another. I'm afraid you will need to enter your Master Password on the shared Windows PC. It isn't a trivial feature because the password is about encryption and decryption rather than authentication and transmitting keys is not something to be taken lightly. Would it be cool yes, I can't argue but the risk should something go wrong means if we ever did implement something like that it would have to be basically bullet-proof for fear if something went wrong.
0 -
Hello @littlebobbytables ,
Thank you for the reply.
I;m thinking that something similar to this is having 2FA? I login manually in the vault, but would still need my phone to approve each login.
What happens if I don't have my phone handy though?...0 -
Hello @Saisaijo,
2FA is purely authentication I'm afraid and can't help with decryption. We do support 2FA with our 1Password accounts (see Turn on two-factor authentication for your 1Password account) but this is about whether the server allows a client to communicate with it. We could add 2FA to the client, so it requires both your Master Password and the current code but this would be security theatre because only the password can decrypt the data and if somebody was to take a copy of the encrypted vault they could bypass the 2FA given it isn't part of the actual process.
Now you may be accustomed to quick unlock, something that both 1Password for iOS and Android have. In both cases that is only possible by trusting the operating system. Your decryption key is stored somewhere safe on the device, some place only accessible to 1Password and that is combined with the biometric authentication (in terms of access). You wouldn't want that stored on a shared device though.
I do get the desire to make it more convenient but we have to be very careful when it involves security. One slip and it's a disaster.
0