Signed up for 1Password7 on one of my computers. I want to put it on my other computer. How
I signed up for 1Password7 on one of my Mac computers. I love it. Now I want to put it on my other Mac computer so that I can use it there also. How do I do this?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
If by signed up you mean that you started a 1Password membership. You would want to follow this set of instructions for adding your account to the other Mac.
Let us know if you have any questions.
0 -
You said:
To add your account to 1Password for Mac: " In your browser, sign in to your account on 1Password.com".
Do I do all of this on my existing Mac, where I already have 1Password7?
Or do I do all of this on my other Mac computer, where I want 1Password7 to also be available for me to use?0 -
Hey @bbl,
Sorry for any confusion caused. Here are the highlights. In order to sign into 1Password on a different device you need your account credentials: email address, sign-in URL (which is https://my.1password.com), Secret Key, and Master Password. There are a few places you can find/gather this information:
- If you're syncing the two Macs using iCloud and have Keychain syncing enabled then everything except the Master Password will already be synced to the other Mac. All you'd need to do is enter the Master Password.
- You can also get this information from your Emergency Kit if you've printed one (highly recommended): https://support.1password.com/emergency-kit/
- You can find it in 1Password on the already signed in Mac, under 1Password > Preferences > Accounts > [Your Account]
- It will also appear on the Get the Apps page in the web app at https://start.1password.com/apps
You can download the 1Password 7 for Mac software onto the new computer here: https://1password.com/downloads
Once installed select the option indicating you're already a 1Password user, and then use one of the above mentioned options to gather your credentials and enter them into the app.I hope that helps!
Ben
0 -
Well I did it. Not intuitively easy.
BIG QUESTION: I want to be forced to use my google authenticator EVERY SINGLE TIME I log in. Is that a choice I have? Otherwise, I feel unprotected.0 -
Well I did it. Not intuitively easy.
Thanks for the update. Would you mind elaborating on which part of the process you found to be unintuitive? How might we make things better?
BIG QUESTION: I want to be forced to use my google authenticator EVERY SINGLE TIME I log in. Is that a choice I have? Otherwise, I feel unprotected.
I can appreciate the concern, however it sounds as though this is working as designed. Please allow me to explain. 2FA serves a different role with 1Password than it does with traditional authentication based services, because 1Password's security is encryption based.
Authentication and encryption in the 1Password security model
The function of 2FA with 1Password membership accounts is to help protect the device authorization process. Once a device is authorized 2FA is no longer required, unless the device is subsequently deauthorized through the web app, or the browser/app's locally cached copy of the secret is cleared. Essentially 2FA helps prevent a replay attack from authorizing a device. It is not designed to help in the case that someone has access to one of your authorized devices. As such 2FA does not prevent you from accessing locally cached data (e.g. while your device is offline). Without authenticating with 2FA you're not able to download changes from the server, but you can access what has already been downloaded.
Changing this so as to require the 2FA authentication to happen on every unlock would require giving up offline access, which is one of the core functions of 1Password and part of our foundational design. And then there is some question as to the actual protection that these sorts of change would provide compared with the perception of protection, i.e. "security theater."
The Security Key is your best protection against someone who doesn't have access to one of your devices, and your Master Password is your best protection against someone who does.
I hope that helps. Should you have any other questions or concerns, please feel free to ask.
Ben
0 -
Your explanation was very good. Thank you. You said: "Changing this so as to require the 2FA authentication to happen on every unlock would require giving up offline access, WHICH IS ONE OF THE CORE FUNCTIONS OF 1PASSWORD". BUT...BUT...but...but....many (myself included) have wanted to stay with the offline single version (as it used to be) rather than subscription, for just this reason,,,,,because we do NOT do our bills or money management or other important things anyplace else other than with our ONE computer in our OWN home. For this of us like that, we would ALL, I would guess, really like that layer of security IF WE WANTED IT. I know I would REALLY like the ability to authenticate every visit to 1Password, before I even have a chance to sign in with my very precious 1Password password.
Anyway, I suppose if I want it, I could erase all of my cookies each time I am online. Would that work?0 -
ps to what I just wrote a minute or two ago:
you said: "It is not designed to help in the case that someone has access to one of your authorized devices."
YES yes yes, requiring two factor authentication WOULD help, because if someone has my computer, knows my secret password, or unfortunately has keylogger on my computer, they still cannot get in because they need two factor authentication, in my case my Google authenticator, which is on my phone, which they do NOT have, to be able to even get into my 1Password. Yes?
0 -
Anyway, I suppose if I want it, I could erase all of my cookies each time I am online. Would that work?
Clearing your browser's local storage would indeed necessitate entering the 2FA code each time you access 1Password in that browser, but it would have no effect on the apps.
YES yes yes, requiring two factor authentication WOULD help, because if someone has my computer, knows my secret password, or unfortunately has keylogger on my computer, they still cannot get in because they need two factor authentication, in my case my Google authenticator, which is on my phone, which they do NOT have, to be able to even get into my 1Password. Yes?
It would not help because the encrypted data is already on your device. They would attack that directly, rather than trying to authenticate with the 1Password server.
Ben
0 -
Ben, I appreciate your patience with me!!! It is totally possible that I am thinking incorrectly. I do feel that there are many like me, and I have read it over and over on this help website, and also on-line, for years, many people who are very nervous about the ONE password (whether your company or another password program) that gets you into EVERYTHING with one password, all at once. The one password authentication thru your company is apparently very safe according to your statements. I will trust your word on that and that is why we have decided to use 1Password.
However, out of your reach, and out of your control, there are many factors in individual people's circumstances around the world. To have a PASSWORD (in my case, a google authenticator on my phone, that verifies that it is ME trying to get into the program,,,, before I even get to the place where I enter my ONE PASSWORD, is important. Can you see that? Maybe I am just too paranoid?0 -
Can you see that?
Absolutely, and that is why we offer 2FA to protect the device authorization process. But I think it may help to take a step back and evaluate what the actual threat is here. As it stands someone would either need:
- Both one of your authorized devices and your Master Password (which only you know and is never transmitted to us) OR
- All of your credentials: your email address, Secret Key, Master Password, and 2FA token
If we're talking about scenario #1 how would 2FA help here? They'd be able to open and view your 2FA authenticator app (e.g. Google Authenticator) the same as you can, assuming they can unlock your device (which is another layer of security). Either way though, with your device in their possession, a sophisticated attacker is just going to pull the encrypted data off of the device and attack it directly. They aren't going to try to talk to the server, which is where 2FA is applicable. 2FA has no bearing on the data that is already on your device... all we can do to protect that data is encrypt it (which we do) using your Master Password. This is why a strong Master Password is still important even if 2FA is turned on.
The only other approach I'm aware of that we could take here would be to NOT store the data on your device at all, and instead require that it be downloaded from the server every time you unlock. That is the only way in which we could truly require 2FA on every unlock. This seems to be the exact opposite of what you're asking for here. This would mean if you (or we) are offline you would be unable to access your data at all, as you'd be unable to communicate with the server. This is an unacceptable risk from our perspective, as well as from many of our clients. Additionally it would mean a significant increase in bandwidth utilization both for us and for clients as the full database would have to be downloaded on each unlock, instead of syncing only changed items. Again, not something that would be practical.
Does that make sense?
As a more general response about our security model, and how we protect your data, you may be interested in these links:
- About the 1Password security model
- Authentication and encryption in the 1Password security model
- 1Password Security Design White Paper (in-depth technical details)
Please let me know if you have further questions.
Ben
0 -
You say it is an app on my browser. It doesn't go out into the World Wide Web. I have no clue what this means or how it works but I have decided to just trust, and move forward. Somehow that difference is the key. Perhaps these types of conversations are buried deep into various correspondence with people, as this one is. It must be irritating and certainly time consuming for you to have to repeat repeat repeat and yet I see many people still hesitate to get the subscription vs the stand alone for exactly these reasons. If you tell me I am safe, I have chosen to believe it. By the way, for 2 factor authentication, why not include google authenticator in your list of choices instead of just AUTHY or Microsoft? Many people have google auth and it just threw me off. I hope my google auth is set up correctly even though you didn't mention that one. Thank you for all of your help.
0 -
@bbl:
By the way, for 2 factor authentication, why not include google authenticator in your list of choices instead of just AUTHY or Microsoft? Many people have google auth and it just threw me off. I hope my google auth is set up correctly even though you didn't mention that one.
I think the team probably tested all of these, and realized that Authy or Microsoft authenticators worked best in general. But if you prefer Google Authenticator, I think it won't hurt to try it :+1:
0 -
I was just signed in at the 1password app, and why does it list that I am connected on FIVE BROWSERS, when I am connected only only two. The other three were times, including in the last week, when I was signed into your 1password app. It should say I have connected FIVE TIMES, not that I am connected to FIVE BROWSERS. Yes? Also, I tried to put my 1password account onto another computer, and it didn't work. Question: do you have videos of how to do this, and to do that? I need videos
0 -
Please ignore my last question. I pushed "post comment" when I meant to erase it.
0
