Feature suggestions: Double encryption of TOTP secrets requiring 1pass multi factor code to unlock

Upcraft
Community Member

A concern I have seen is that storing TOTP secrets inside of your password manager along with the password for a site is breaking the security model for multi factor. Of course you can just make a personal decision to never store the TOTP secrets this way, but sometimes the real world demands a little more convenience.

What I might suggest is a vault-level, account-level, or group/family/company-level setting that you can turn on that would enforce all stored TOTP secrets to require unlocking on each use using your 1Password multi factor code.

So even when you have unlocked your password database, the secrets for the TOTP codes would remain in an encrypted form and the way to unlock them for use each time would be to give your current 1Password multi factor code to decrypt and use those secrets. Use of a YubiKey, or a push notification to another logged-in device, might also be a way to unlock use of the stored TOTP codes.

You may be storing these codes in your 1Password because you did not want 100 different TOTP codes on a completely separate authentication app on your phone. This way you can have the multi factor inside of 1Password but with a middle ground where these secrets are still encrypted and locked while the main database is otherwise open and some level of multi factor action is required to unlock them each time.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • ag_ana
    1Password Alumni

    Hi @Upcraft!

    Thank you very much for taking time out of your day to share this feedback! We appreciate every idea that could make 1Password even better.

    I can see how this could be useful to you, so while I cannot make any promises, I can tell you that I have shared your feedback internally :)

    Once again, thank you and have a wonderful day!

    ref: dev/projects/customer-feature-requests#230

This discussion has been closed.