Why do I need a strong master password when you give me a secret key and I can turn on 2fa

candlepop
Community Member

Why do I need a strong master password if to get into my account someone needs (a) my master password and (b) my secret key and (c) my phone (since I have 2fa turned on)?

Even if someone gets my master password, they can't get in my 1password account unless they also have my phone and secret key. So is a strong master password really that important?


Comments

  • Ben
    edited August 2021

    Hi @candlepop

    This is a great question. Thanks for asking.

    > Even if someone gets my master password, they can't get in my 1password account unless they also have my phone and secret key.

    Your phone remembers your Secret Key, and as such it isn't needed every time you unlock the app. The Secret Key exists to protect the data on the server, not the data on your device. If someone were to steal your device, your Master Password is what protects you. If there were some way to be absolutely certain nobody else could ever get their hands on one of your authorized devices... then you'd be right: the strength of the Master Password wouldn't matter so much. As I don't believe any of us can guarantee that, it is best practice to choose a strong Master Password.

    There are indeed multiple layers of protection, but each serves a different purpose and each is important. I hope that helps!

    Ben

  • kram5819
    Community Member

    My master password is very strong.

    I would like to see 1Password implement a password or PIN number to log into your 1Password account, perhaps an eight-digit PIN that you can use in place of a password.

    When I get on my computer, this is what I do.

    I log into Bitwarden **first**. When logging into Bitwarden, they offer you the opportunity to use a 6 or 8 digit PIN number **or** a password, your choice, and I use an 8 digit PIN number; it's a lot easier to remember.

    From there I look for my 1Password password that I have stored in Bitwarden, then I copy it and paste it in the 1Password login on my Chromebook and log into 1Password that way.

    This way, I don't have to worry about remembering my master password. I also have an Android device with fingerprint, so I could always get in that way to double-check my password, so I don't forget it.

    My master password for 1Password is 35 characters. It's loaded with symbols, dashes, capitals; it's impossible to remember.

    It looks something like what you see below, but of course I've made this up. It's **not** a password at all that I use; it's just an example of how strong my master password is to get into my 1Password account.

    y6y_wcuiz$7bHsaA2x&akEek*jL^rWeNFcN

    That's an impossible password to remember. But having Bitwarden as a backup is a good thing and I can get in easily, and then I copy and paste, and then I'm in with no problem. I've also got my password in the safe, written down, but who wants to type in a long password like that? Even a hacker would probably get aggravated and move on to the next one.

    I also use two-step authentication on anything that I can; that makes it even more difficult to get hacked. But I like having a very long and strong master password. I'm glad that Bitwarden has the PIN number option to log in.

    I hope 1Password will eventually do the same thing.

  • ag_ana
    1Password Alumni

    @kram5819:

    > I would like to see 1password Implement a password or pin number to log into your 1password account, perhaps an eight-digit pin that you can use in place of a password.

    Thank you for the suggestion!

    > My master password for 1password 35 characters it's loaded with symbols dashes capitals it's impossible to remember

    We recommend finding a balance when it comes to the Master Password, so you don't make it too complex to type:

    How to choose a good Master Password

    There is of course also the option to use biometrics unlock if your device supports it, so you don't have to type your Master Password so often :+1:

  • kram5819
    Community Member
    edited August 2021

    Ag_ana,
    When using a laptop such as a Chromebook (I use a Chromebook), there is no way on my Chromebook to input a PIN number instead of your password; you must only be able to put in your password. My 1Password master password is 35 characters long, and that's why I use Bitwarden first, copy my password, and then log in to my 1Password. I think you're referencing a mobile device. Yes, on a mobile device I can use a PIN or my biometrics, but not on a Chromebook.

  • ag_ana
    1Password Alumni

    Understood :+1:

This discussion has been closed.