Access to Family account

Radoc
Radoc
Community Member

Like many others here, I'm a longtime 1PW user navigating the path from a standalone, local vault to a family account with default and non-default vaults. I'm set up as the only Family Organizer (owner). To access the account in my browser, I only need to manually enter one piece of information, the Master Password. Questions:

  1. After the initial login, two other items are already present: my email address and my Secret Key, which is partially hidden. The same is true when my wife, the only other account user, logs in. Are these Secret Keys stored in cookies? Does this pose a security risk in any way?

  2. Is there an MFA option to log into the account site?

Thanks.


1Password Version: 7.8.7
Extension Version: 7.8.7
OS Version: macOS 11.6

Comments

  • [Deleted User]
    [Deleted User]
    Community Member

    @Radoc Your Secret Key and Master Password secure your data on 1Password's servers. Your data on your device is secured with your Master Password and by whatever security you have on your device.
    1. Your Secret Key is stored on your device in a slightly obfuscated, but unencrypted form because it is required to generate the encryption key which unlocks your data. If you are concerned about this then give everyone their own device user account, set a strong device passcode/password, set short locktimes and enable device encryption where it is an option.
    2. You can turn-on two factor authentication for all your devices and apps on the website. You only need to authenticate once per device and once enabled you can disable it from any authenticated device. It supports authenticator apps and YubiKeys. Not all 1Password apps support YubiKeys, so you need to add the authenticator app first. https://my.1password.com/profile/2fa

  • Radoc
    Radoc
    Community Member

    Hi @rootzero: Thanks for the info, esp. MFA - I missed it under more actions in the profile section.

  • Glad to hear that answered your questions @Radoc, and thanks @rootzero for the assist :smile:

This discussion has been closed.