Is it possible to enable dual/two factor authentication (version 4.6)?

Is it possible to enable dual factor authentication for that version on windows?


1Password Version: 4.6
Extension Version: Not Provided
OS Version: Windows 7
Sync Type: Dropbox

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @sdks: No. 1Password encrypts your data; it does not authenticate you. Your personal 1Password vault is stored only on your device, unless you copy it elsewhere, not hosted by AgileBits, so there isn't anyone to authenticate you. And therefore, no one can pretend to be you in order to gain access to your vault. I hope this helps. Please let me know if you have any other questions! :)

  • sdks
    sdks
    Community Member

    It doesn't really help. If somebody has access to my pc and knows my vault password he can easily see all my passwords. As far as I know LastPass has feature that you supposed to have mobile phone near to the PC to be able using the vault. So the question is, does the 1Password has similar functionality?

  • AGAlumB
    AGAlumB
    1Password Alumni

    If somebody has access to my pc and knows my vault password he can easily see all my passwords.

    @sdks: That's exactly right. Don't give them your Master Password.

    No one knows enough about you to authenticate you. The flip side of that is that, unlike LastPass, AgileBits doesn't even have a hash of your Master Password, so we can't have it stolen from us.

    We don't have your secrets. You do. So you'll need to make sure you don't give them to anyone by furnishing them with your vault and your Master Password. So long as you choose a long, strong, unique Master Password, no one will be able to guess it. And PBKDF2 strengthens it further against brute force attacks.

  • sdks
    sdks
    Community Member

    The password can be long and complex enough. But there are a lot of ways to steal the password anyway. For example any complexity of the pass does not help you against keyloggers.

  • Hi @sdks,

    In our opinion, the issue of Authentication vs. Encryption is not as clear cut as most popular discussion portrays it to be and encryption has a lot of upsides, which is why it's our choice for securing your data.

    But you're absolutely right: malware like keyloggers can potentially siphon off your master password and make it available to criminals.
    That is why you can set 1Password 4 for Windows invoke a Secure Desktop where you will have to enter the master password, no matter if you're unlocking your vault in one of the browser extensions, or in the main app.

    I hope this helps!

This discussion has been closed.