Feedback regarding the new 1Password sign-in experience
The recent addition of the ability to set up another device by scanning a QR code on an existing device is very risky and should require more than just biometric authentication at the moment the operation is requested, i.e. the whole password. Additionally, the system should send me a text message an hour or so later, to increase the likelihood that I am made aware of such a copy, without the new device being able to delete traces of these notifications (i.e. email does not work here, since the other phone can log in to my email but they can't see my texts).
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Android
Browser: Not Provided
Comments
Hello @oschoenborn! 👋
Thank you for the feedback! Can you tell me a little more about your concerns regarding the new sign-in experience? The new experience is safe and secure, and the team has spent a lot of time making sure that the new sign-in experience increases convenience without sacrificing security:
The design of the QR code ensures that it's resistant to phishing and you will always need to confirm your intent to link a new device to your 1Password account by entering the right confirmation number or accepting a prompt after scanning the QR code to establish a secure and encrypted connection between devices to transfer session information and key material. The code itself doesn’t contain sensitive information, making it safe from screenshots or shoulder surfers.
Once signed in, 1Password will send you a sign-in notification email as it does for all successful sign-in attempts, even those with the existing manual method. You'll also see the new device listed on your profile (in the top right corner) when logging into and accessing 1Password on the web.
You can always continue to use the existing manual sign-in method if you wish. 🙂
-Dave