Newbie 1Password questions

hassiman
Community Member

Hi,
I have 1Password installed on my iPhone 8+ and my Mac Pro running High Sierra.
How do I find out what plan I am subscribed to? Basic or Premium?

I plan on buying YubiKey 5 NFC keys to lock down all web and banking sites I use on my home computer and iPhone.
How do I turn on 2FA so it uses the keys to access 1Password? I would assume that the key becomes the master password... Correct?

Thanks,

Comments

  • ag_ana
    1Password Alumni

    Hi @hassiman!

    “How do I find out what plan I am subscribed to? Basic or Premium?”

    We don't have a Basic or Premium subscription plan. We have Individual, Families and Teams/Business accounts. You will see the type of account in the invoice you receive :+1:

    “How do I turn on 2FA so it uses the Keys to access 1Password?”

    Here is the documentation page for that:

    Use your U2F security key as a second factor for your 1Password account

    “I would assume that the key becomes the master password... Correct?”

    No, the Master Password will always be required. The key will be necessary in addition to it.

  • hassiman
    Community Member

    Does one first enter the Master password and then the Key is required... I would guess that that would be the sequence. If this is true then the Master password need not be that complex as even if it is used, without the hardware key no one can get in... Correct?

  • Ben

    @hassiman

    A strong Master Password is still vitally important. A hardware key will do nothing to protect you in the event your encrypted data were to be stolen, either from one of your devices or from our servers.

    U2F is great, and does help mitigate some threats, but it will never be a replacement for a strong password.

    Ben

  • hassiman
    Community Member

    Dear Ben,
    I had been under the impression that my 1Password data was stored on your servers with Military grade Blowfish type encryption. The 1Password Master password would need to be long, complex and as random as the login passwords 1Password generates for my user sites to really be tough for hackers. Such a password would be inconvenient if not impossible to remember, and carrying it on you in written form would be defeating the purpose. Can the Master password on an iPhone be biometric, like a fingerprint? I had been under the impression that using a hardware key like a YubiKey 5 NFC with 1Password would make my 1Password account impossible to hack unless a hacker had physical possession of my key and the computer and/or iPhone... Even if they had my Master password, without the key they cannot gain access. Is this untrue?

  • Ben

    @hassiman

    "Military grade" isn't a term we use as there is no practical definition for it. Who determines what constitutes "military grade"? We use AES, rather than Blowfish.

    “The 1Password Master password would need to be long, complex and as random as the login passwords 1Password generates for my user sites to really be tough for hackers. Such a password would be inconvenient if not impossible to remember, and carrying it on you in written form would be defeating the purpose.”

    We have a guide that may help in choosing a good password here:

    How to choose a good Master Password

    “Can the Master password on an iPhone be biometric, like a fingerprint?”

    It is possible to use Touch ID or Face ID with 1Password for iOS if your device supports it, but your data is still encrypted using your Master Password which is ultimately what protects you.

    “I had been under the impression that using a hardware key like a YubiKey 5 NFC with 1Password would make my 1Password account impossible to hack unless a hacker had physical possession of my key and the computer and/or iPhone... Even if they had my Master password, without the key they cannot gain access. Is this untrue?”

    This is not true. U2F (such as a Yubikey) doesn't strengthen the encryption at all. It only has any effect on authentication — when you attempt to obtain the encrypted data from the server. It doesn't protect the encrypted data already on your device at all. That's what the Master Password does.

    U2F is one tool in the security toolbox, but it isn't the ultimate solution to replace all other tools. In the case of 1Password, it isn't even the most important one. The most important one continues to be the Master Password.

    Ben
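An added illustration of the distinction drawn in the reply above (not part of the original thread and not 1Password's code): a simplified Python model in which the vault key is derived from the Master Password alone, while the security key is consulted only when the server is asked for the data. The function names, the iteration count, the wordlist and the HMAC tag standing in for real AES decryption are all assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this demo only


def derive_key(master_password: str, salt: bytes) -> bytes:
    # The vault key depends on the password and salt only;
    # the security key is not an input.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)


def make_vault(master_password: str) -> dict:
    # Constructed stand-in for an encrypted vault: the tag plays the role of
    # the integrity check that tells a real cipher the key was right.
    salt = os.urandom(16)
    tag = hmac.new(derive_key(master_password, salt), b"vault-check", "sha256").digest()
    return {"salt": salt, "tag": tag}


def unlock(vault: dict, password: str) -> bool:
    # Works on any copy of the vault, online or offline. No second factor here.
    key = derive_key(password, vault["salt"])
    expected = hmac.new(key, b"vault-check", "sha256").digest()
    return hmac.compare_digest(expected, vault["tag"])


def server_fetch(vault: dict, password: str, security_key_present: bool):
    # Sign-in gate (simplified): the only place the second factor is consulted.
    if unlock(vault, password) and security_key_present:
        return vault
    return None


def first_unlocking_guess(vault: dict, candidates: list):
    # What holding a copied vault allows, without ever contacting the server.
    for guess in candidates:
        if unlock(vault, guess):
            return guess
    return None


COMMON = ["password", "letmein", "sunshine1"]  # constructed sample wordlist
weak = make_vault("sunshine1")
strong = make_vault("correct horse battery staple tuba")  # constructed passphrase

if __name__ == "__main__":
    print("server, no key:", server_fetch(weak, "sunshine1", False))
    print("copied weak vault:", first_unlocking_guess(weak, COMMON))
    print("copied strong vault:", first_unlocking_guess(strong, COMMON))
```

The server refuses the sign-in without the security key even when the password is right, yet a copy of the weak vault opens with a guess from the wordlist and the strong one does not.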

  • hassiman
    Community Member

    Dear Ben,
    Concerning your reply about the YubiKey 5:
    “This is not true. U2F (such as a Yubikey) doesn't strengthen the encryption at all. It only has any effect on authentication — when you attempt to obtain the encrypted data from the server. It doesn't protect the encrypted data already on your device at all. That's what the Master Password does.”

    I am not new to computers but I am new to password managers and authentication keys, either software or hardware. When you said that the YubiKey 5 only has an effect on authentication, I had assumed that it would be used to authenticate access to my 1Password account, not to encrypt the passwords it protects. I specifically wanted to be sure that the retirement accounts I access on my iPhone be secured from possible SIM swapping attacks. As far as encrypted data is concerned, I thought no data lives on my phone or computer but on your servers.

    Please excuse my lack of understanding... trying to learn.

    Thanks,

    Rich

  • ag_ana
    1Password Alumni

    @hassiman:

    “I specifically wanted to be sure that the retirement accounts I access on my iPhone be secured from possible SIM swapping attacks.”

    If you are concerned about this attack, you could also use an authenticator app for your 2FA codes, rather than a security key, as an alternative :+1:

    “As far as encrypted data is concerned, I thought no data lives on my phone or computer but on your servers.”

    A cached copy of your data is stored on your devices too, so you can access it when you are offline.

    “Please excuse my lack of understanding... trying to learn.”

    No need to apologize! We are here to help :)

  • hassiman
    Community Member

    Which Authenticator Apps would you recommend and how are they more secure than a hardware key?

  • ag_ana
    1Password Alumni

    @hassiman:

    We don't recommend anything specific, but I know that a lot of users use Google Authenticator, Authy, or Microsoft Authenticator.

    “how are they more secure than a hardware key?”

    I don't believe they are more or less secure, but since they don't use SMS codes either, they would address the concern you have :+1:

This discussion has been closed.