In case my master password is stolen, what happen?, my concern before I can buy the app

Dear admin
I am still using 1password in Iphone and Android, I am very happy and I plan to buy this app in windows and Mac. However my concern is about the security in this case because 1password do not provide 2 step authentication with Authenticator of Google, so please correct me if I am wrong

  • If I lost my master password in windown or Mac because the hacker use keylogger, hacker can set up 1password in his computer and just entry my master password and he can see all my pw.
  • So if the password manager such as last-pass which I also use in window, if the hacker have my master password, he need to pass the 2 step authentication first. it is very safe.
    So, I need your explain or something before I am confident to buy the 1password.
    Many thanks and sorry about my english :(
    HuuMiu

1Password Version: 4.6
Extension Version: Not Provided
OS Version: Win 7
Sync Type: Not Provided

Comments

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @HuuMiu,

    Your English is great, there's nothing to apologize for.

    Having your master password is not enough, we do not have a copy of your database anywhere, 1Password is a local program that stores your data locally. There is no 1Password account someone can just log in with your master password and grab its data, which mean he has to have total control of your computer and grab your 1Password data as well.

    Note: we do have a cloud-based service coming soon, 1Password for Teams, it will be using using Account Key instead.

    On Windows, we have Unlock on Secure Desktop to protect against keyloggers, you can find out more here: https://guides.agilebits.com/1password-windows/4/en/topic/using-secure-desktop

    This prevents any processes from listening into 1Password's processes, so this can protect you against keyloggers.

    However, to expand on this, the short answer is that if the hacker has total access to your computer, not just keylogger, and can do whatever he or she wants, there's nothing most apps can do to defend against this. Ask yourself this question, what happens once you do enter your 2FA code and the hacker still has access to your computer?

    I would suggest reading through our security guides here: https://support.1password.com/security/

    We've written a lot of guides on this. 2FA may help but it doesn't prevent this problem. 1Password's security is based on encryption, not authentication. Your 1Password data is stored on your computer, we do not store your data elsewhere, which means the hacker must have total access to your computer and if the hacker does have that total access, there is nothing that most apps can do to protect themselves. 2FA is merely a line of defense but can be bypassed since the hacker has total access.

    if the hacker have my master password, he need to pass the 2 step authentication first. it is very safe.

    Actually, it's not that easy. He also has to have something to unlock, which means he has to upload your 1Password data file from your system and then unlock it on his computer. Having a copy of your master password is not enough.

    If you sync with Dropbox, he would then have to attack Dropbox, breach your Dropbox.com account and then grab the 1Password data file from there. Once he does that, he needs your master password. If he has total access to your PC, he can just bypass this and grab it from your computer.

  • Hi Mike, that is a great explanation which I tried to search in the internet but I didn't have the reasonable answer, you totally convinced me. I have no more concern to buy your app.
    many thanks
    HuuMiu

  • brentybrenty

    Team Member

    On behalf of MikeT, you are most welcome! I'm glad he was able to answer your questions. It sounds like you should be all set, but don't hesitate to reach out if we can be of further assistance. We're always here to help! :)

  • thanks AgileBits team :) I bough your product :), I am very happy with this app !!!

  • DBrownDBrown 1Password Alumni

    That’s great news, @HuuMiu; thanks for letting us know!

    Be sure to let us know if there's anything else we can do to help, too.

This discussion has been closed.