A security scenario for a 1Password account
I have 2FA enabled + 2 physical security keys (+ fingerprint access on an android phone) (and 1Password will lock in this browser when closed or after it is idle for 5 minutes.)
I have the Emergency Kit physically printed out as well as saved as a pw protected file on a USB key.
I want to understand a bit better how my 1Password account can be breached if say "someone" has my MP (and nothing else).
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
I want to understand a bit better how my 1Password account can be breached if say "someone" has my MP (and nothing else).
If someone only has your Master Password, they won't be able to access your 1Password account, or decrypt your data, because the Master Password alone is not enough to do anything. This is true in every scenario where the attacker does not have access to any of your devices.
For completeness, however, and since your question was broad enough not to make this distinction clear, I will cover also an exception scenario. If someone were able to steal your laptop, and your laptop also happened to be unlocked at the time it was stolen, the attacker would be able to access your 1Password data only with your Master Password, since in this case they would only have to unlock the 1Password app. Only you can know how likely such an attack is to succeed in your environment, but I am tempted to say that the likelihood of both those events happening at the same time are quite low.
In any other case, the Master Password won't be enough.
===
Daniel
1Password Security Team0