When setting up new Mac laptop, why was I not asked to enter my secret key?
I was setting up a new mac laptop; I downloaded 1Password from the App Store, after it was finished I used the option to 'sign in' to my 1Password.com account on the computer. This appears to have fully authorized the laptop to access all my passwords. I was under the impression that all new devices would need my secret key/emergency kit the very first time before they could access my account with only the password. All my browsers on the new laptop appear to be authorized on the laptop as well, which again, my experience in the past was that each new browser I wanted to use 1Password with needed my secret key the first time, before working with just the password. I'm not as concerned about the browsers, perhaps now with the desktop app more closely integrated with the OS, you're able to authorize the browsers because the computer itself is already authorized, but my main concern is that the machine appears to have been authorized in the first place without that emergency kit.
This development feels much less secure. I'd like to know why this is happening. I realized that there is a "2 factor" option for 1Password but my understanding is that that is a layer on top of the secret key authentication. The profile page for 2 factor describes it as 'in addition to your account password and Secret Key'.
Thanks for taking a look at my question.
-Rhoen
Comments
-
Encrypted copies of your Secret Key are stored in your device keychains to provide data loss protection. If you have iCloud enabled and lose your Mac, iPhone, or iPad, you can unlock 1Password with just your Password. it sounds as if you were already signed into iCloud.
2FA is only used upon device linking. It would not apply to use of the app.
0