1Password can be unlocked on deauthorized device [intentional; allows offline access]
I deauthorise my PC and require TFA from the site on my iPad, but when I open the app on my PC it is not deauthorised or asking for the TFA until the app is opened again, and it sometimes takes 4 or 5 times opening. This is a security flaw and long enough for a hacker to steal my data. I’ve noticed it’s happened quite a few times.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
Hi @asukulu
I appreciate the concern. Thank you for taking the time to write to us about it. This is expected behavior. Please allow me to explain.
Deauthorizing a device will not prevent 1Password from being unlocked on that device. It will prevent that device from authenticating to the 1Password.com service and syncing any new/changed items. Existing data is cached on the device and so you can continue to access that cached data while offline / disconnected from the server. This is by design. We don't want folks to have to be connected to the internet in order to access their data.
I hope that helps clarify the situation you're seeing.
Ben