Feature Suggestion: Don't sync 2FA/MFA/OTP to all devices
Hey,
One of the features of 2FA/MFA/OTP is that even if your password is known to an attacker, they still can't get access to the account, because they don't have the extra one-time password.
If you have 1Password in the browser, or the desktop version, and an attacker has full access to the computer, they would be able to extract the one-time-password seeds from the 1Password vault.
In general, I trust my phone more than I trust, let's say my Windows gaming computer. I would love the option to only sync the one-time-passwords to specific 1Password devices, itself protected by the MFA of 1Password for example, maybe with an e-mail confirmation when another device is added to that sync.
That way, the username and passwords are still available on my Windows machine in 1Password, but if I need the OTP, it's only available via 1Password on my phone.
Currently, I have a family account, so I store the most sensitive accounts and OTP in an account that's only logged in on my phone, then share a vault with the more common accounts that should be accessible on both. It works, but it also makes it impossible for me to access the password for the account on the other machines.
I think the option to either only sync the OTP to specific devices, or maybe even choose which fields in an entry to share to other devices through a shared vault, would be a great addition to security.
Thanks!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
💯 It’s no good being on every device. I would also like the option to disable auto fill of the totp code.