Question about failed password attempt

Ixoth
Ixoth
Community Member
edited January 2023 in iOS

Hi, is there such feature in 1password, that if some one tries to guess one’s password to the vault - that the owner of the 1password vault will be notified via email, that an attempt was performed by someone to guess the password to the vault?
And maybe even have captcha enabled (or delay) between subsequent attempts to prevent brute force access to the vault? (Or have the vault locket for a while)?
I know bitwarden does have this feature (well no delay or locking but emailing and captcha they have).

Comments

  • Hello @Ixoth! 👋

    Good question! There isn't an option to have an email be sent to you if someone enters your account password into the app incorrectly. The reason for this is that it wouldn't truly capture all attempts. Your 1Password data is accessible even if you're offline which means that an attacker could just put your iPhone into airplane mode or turn off WiFi/cellular data and then try to guess your password. Since your phone is offline there would be no way for it to communicate to the outside world that someone is trying to unlock 1Password.

    And maybe even have captcha enabled (or delay) between subsequent attempts to prevent brute force access to the vault? (Or have the vault locket for a while)?

    1Password employs PBKDF2 to protect your data from a brute force attack. You can read more here: How PBKDF2 strengthens your 1Password account password

    It's important to remember that an attacker would need both your 1Password account password and Secret Key to log into your 1Password account and decrypt the data within it. And even if they did so, you will receive an email letting you know that your 1Password account has been accessed from a new device, and you'll see that new device listed on your profile (in the top right corner) when logging into and accessing 1Password on the web.

    Let me know if you have any questions. 🙂

    -Dave

  • Ixoth
    Ixoth
    Community Member
    edited January 2023

    Thanks for the answer Dave.

    I have a followup question: is it so that the content of the 1password account is no longer saved in user device - but only in 1password cloud? Something which was changed few months ago? If that is the case would not that make 1password less secure?

    I am using dashlane, but I am old user of 1password (used it at work in my previous company). I am using now 1password trial version, and I am thinking of which of aforementioned solutions I should use next as my main password manager. I used to use lastpass as main password manager, but due to their latest security incident, I closed my account for good and changed 400+ passwords (I probably should renew my credit cards as well).

  • @Ixoth

    When you use the 1Password app all of your items are stored locally on your device. Your items are also encrypted on your device and then backed up to 1Password.com so that you can see the same items on all of your devices and so that there is a backup of your data in case your device stops working or is stolen.

    Let me know if you have any other questions. 🙂

    -Dave

This discussion has been closed.