Suggestion - Extra Security Level - 'Local Authentication Tag'
To further enhance security, a new additional authentication mechanism should be added that complements the existing password protection. This feature, which could be called 'Local Authentication Tag', would allow users to specify a custom sequence of characters, stored locally on their devices only. The user would be responsible to update this tag on every device that is running 1Password. This tag would be appended to generated password, providing an extra layer of protection in case unauthorized access is gained to their 1Password account.
In the event of such a breach, the added complexity would render the attacker unable to access the associated data, as they would not have access to the locally stored authentication tag. This feature would effectively prevent unauthorized access, even if a malicious actor gains control of the user's online account.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
I'm not sure I fully understand. Could you expand on your message?
The user would be responsible to update this tag on every device that is running 1Password. This tag would be appended to generated password, providing an extra layer of protection in case unauthorized access is gained to their 1Password account.
If a users site password is stored in 1Password how would this prevent use? Your data itself is encrypted by your password and would be unseable unless you provide the account password.
This feature would effectively prevent unauthorized access, even if a malicious actor gains control of the user's online account.
The Secret Key helps protect your data on 1Password.com and must be provided on any devices that are new and have never been used to access 1Password.com.
It almost sounds as if you're describing a feature some sites use that requires adding 2FA to the end of the password. I'd recommend looking into adding 2FA to your logins and also possibly using passkeys to further protect any accounts.
Use 1Password as an authenticator for sites with two-factor authentication
Save and sign in with passkeys in your browser
Please help me to better understand how to help you.
0 -
I don't switch systems, so I completely forgot about the Secret key to log into 1Password. So, you can ignore the suggestion.
0 -
I feel that. I never switch devices for the most part (personally). It stays fresh in my mind as I need to access many different testing systems.
Always feel free to share anything that comes to mind. We're always here and listening.
0
