Intentionally stop synching with a specific device
Hi, wondering if I had a device lost or stolen if there's a way I could prevent synching of new data to that particular device (deauthorizing and/or changing security key)? My reasoning is that if my device were lost/stolen I could technically change all my passwords (or at least the important ones) so that even if the thief was able to successfully hack the data on my device (although unlikely), the passwords would be useless to them. But it would be pointless to change my passwords if the new/updated passwords would automatically synch to the stolen device.
I understand that changing the security key would not prevent a password brute force attack since the old key could be cached, thus the master password would be the only line of defence. Also the thief could prevent a deauthorize command simply by keeping the device off-line (but that would also prevent synching too of course).
I know a hack is unlikely provided we use a strong password, but just exploring ideas to be extra secure in a worst case scenario.
Thanks!
Chris
Comments
-
Hi @chris000!
> Hi, wondering if I had a device lost or stolen if there's a way I could prevent synching of new data to that particular device (deauthorizing and/or changing security key)?
You can indeed deauthorize a device :+1:
Deauthorize the lost device
0 -
Thanks for that. If the lost device is never brought back online I assume the deauthorization will never happen? Also, if I changed the security key, would this also prevent syncing to the old device, or would it have to be deauthorized?
Thanks!
0 -
@chris000 - correct. The local cache of your data is what allows you to use 1Password even when you do not have an internet connection; it's designed that way intentionally. Changing the Secret Key in a browser at https://my.1password.com will not make any difference because the local cache on your device still uses the original.
However, the first time 1Password is opened on a stolen device, it will contact the server and deauthorization would occur. An attacker would need to 1) target you specifically, then 2) know that sync could be prevented by keeping the device offline (like in airplane mode) and 3) know or be able to guess/crack your Master Password and Secret Key.
0 -
Thanks for that information. If I'm understanding correctly, deauthorizing a device pretty much guarantees that synching to the stolen device is impossible since the device would have to connect to the server in order to synch; and as soon as it connects the deauthorize command would sever the link to the device. Thus changing important passwords would be worthwhile after all (with no need to create a new 1Password account). That's all reassuring. Thanks for clarifying.
Chris
0