Two-Step authentication? [see post #4 followup]
Hi there,
I was wondering if there are plans in the future to introduce some kind of 2-step authentication process in case my 1Password database falls into the wrong hands.
Let's imagine the (unlikely) event where someone gets access to my iCloud account and manages to sync my vault: there is currently nothing which prevents her from brute-forcing my master password in the 1Password UI (or is there?)
Perhaps we could have a notion of "trusted devices", whose hash is stored inside the vault. If you try to open your vault on a trusted device, the password alone is enough. If you try to open the vault on a new device, you will need to approve the device from another device which can already open the vault (a bit like Wi-Fi Sync).
1Password could generate a fallback password to be printed by the user when activating 2-step authentication for the first time. When registering a new device, and no other device is available to validate the new device, the user could fall back to entering this password. You would only have 3 tries to enter this password; after that the device is blacklisted, a security alert is sent by mail, or some other clever mechanism deactivates unauthorized access.
What do you think?
Comments
-
Thanks, this blog post makes a lot of sense.
-
I'm glad to hear that the blog post helped! If you're interested in further information, please see this discussion:
Multifactor Authentication
Please let us know if you have any other questions. :)