2FA protection/ no autologin/autofill

TheWeetek
TheWeetek
Community Member

Hello.

I have a question.
I react on this topic, where is written, why 1password doesnt support autologin..

https://1password.community/discussion/28123/any-way-to-truly-auto-fill-entries-without-user-intervention/p2

my question is

  1. in the topic is written, that autologin and autofill is set to manual, because of potencial malware webpage, or added invisible script - but what protects me from phising, when I fill the data manually? Or the only difference is, that I choose, when to fill and where not, but otherwise I dont have any control of being phised by this way..

  2. If I use 2FA for certain pages, and let me being logged.. and if I set YUBIKEY click on certain pages - is hacker able to "re-join" my own IP adress, which means, he will bypass 2FA? (meant it will look, like I am connecting to some service, but actually it will be him) .

  3. If I have PC on, but dont watch and someone hacks my PC, he can just invisibly connect to my services, for example if I will have autofill and autologin in Lastpass? like I guess there are two states - when he remotely controls my screen and I can see, that he is hacking me , so I guess, it will be complicated, and he could be able to "have remote control, have other screen of my harddisk, which I dont see, and without my consciousness do, what he wants" .. - only protection against this would be having the important services secured by 2FA or MFA , so he might see the passwords, but cannot autologin, as he cannot skip the second autentification..

Am I thinking right?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

This discussion has been closed.