Genuinely baffled by the lack of unassumingly basic business functionality

FFAA
Community Member
edited July 2022 in Business and Teams

I'm evaluating 1Password Business and find myself baffled and saddened by the fact that I can't allow myself to use it.

How is it not possible to enforce 2FA for website login?
How is it not possible to enforce a "cloud-only" mode for no local storage of passwords (and the abovementioned enforced 2FA)?
Why can't I double encrypt the local cache with a hardware key?

All previous searches keep repeating the same story where "1Password relies on encryption" and that 2FA would be security theatre.

How is asking for 2FA for a browser login that most people keep saved security theatre?
Is your actual stance that I'm supposed to type the password manually every time and expose myself to over-the-shoulder peeking? Do you, a password autofill company, honestly find it absurd that I'd like not to type the password manually?
Seriously, I can't get over this. How is the scenario where I want to keep the master password saved for autofill and rely on my YubiKey for 2FA, so that if someone breaches my device they can't get into the website without the second factor, not considered as an option?
You support Windows Hello in the app, why don't you support other factors on the website?

I also don't understand the lack of possibility for double encryption of the vault with hardware security keys. It would be a very valuable option. But since it's not available, how do you not envision the desire of businesses, in consideration of potential end-user device breaches, to enforce not having a local cache? Am I supposed to rely on the users' ability to keep their devices safe 100% of the time while sharing business secrets?
Are you completely unaware of the security posturing of average users who leave their passwords in clear text for everyone to see, and lend their unlocked phones without care?

How hard is it to have a "cloud-only" mode? Sure, users would lose offline access, but that should be my choice to make.

You are actually convinced that relying on the device's security is a good excuse to leave a vault with the literal keys to the kingdom protected by a password that a lot of average people will just keep saved as a note or as a contact because that's just how unaware they are of basic security.

If I seem upset it's because I really liked the idea of using 1Password and apparent developer stubbornness is preventing me from purchasing it.
A lot of (otherwise worse) competitors allow for this "security theatre". Some businesses don't believe it to be so.

Comments

  • Hi @FFAA,

    First, thank you for taking the time to evaluate 1Password Business for your organization and bringing up these concerns. After checking internally, I've been notified that a member of our Business team will reach out to you via email in the next day or so, as they'll be in the best position to assist here. Please be on the lookout for that and thanks again for trying 1Password.

This discussion has been closed.