Why 1Password X never ask for 2FA
Hi ,
I have tried this in Edge, Chrome, Firefox, but after I have filled with Security Key , Master Password for first time log-in.
It never asks for 2FA even I closed the browser , cleared cookie.
Is it possible to have it ask 2FA when I reopen the browser and after put Master Password for re-login ?
As I feel insecure if someone can access my computer and know my Master Password, then all the vault leak.
1Password Version: Not Provided
Extension Version: 1.22.3
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi
1Password uses 2FA to authenticate you before downloading your password database to your device. Once the database is on your device then anyone with access to your device and your master password can decrypt it. An additional 2FA step would stop someone using the 1PW apps to decrypt it, but wouldn't stop an attacker using decryption software as 2FA doesn't play any part in the database encryption.
In other words, your master password, secret key and 2FA protect your database from remote threats. Your master password and your device security protect your database from local threats.
If you're concerned about a local attacker accessing your device then set a strong device password and check that storage encryption is enabled. If using Windows 10 then one option is to log in to your Windows account using a security key like Yubikey and to keep this with you at all times.0 -
Hey @ayanamireiiz ,
Indeed, what @missingbits wrote is correct. Your account's 2FA is only used the first time you add a new device to it (e.g. you download the 1Password app on a new phone or install it on a new computer). That's when you'll need to authenticate with your 2FA, but after that you will only need your Master Password to unlock 1Password. :chuffed:
0