Whatsapp Web-like authorization for 1Password Teams/Families?

lukasvogel
lukasvogel
Community Member

Hi,

I noticed that I find it rather uncomfortable to access my 1Password online on a public computer since I need to type in my key and master password by hand – how do you think you could make that easier?

I'd prefer being able to scan a QR code that gets generated by the website with my phone and have it unlock that way. Is that possible right now or is it maybe part of a future version?

Thanks for offering a trial for 1Password Families btw, I like it so far!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • khad
    khad
    1Password Alumni

    Hi @lukasvogel,

    Thanks for taking the time to contact us.

    You should indeed feel uncomfortable entering all the information needed to sign in to your 1Password account on an untrusted computer. We do not recommend doing that.

    The QR code wouldn't help anything since, although it is less human-readable, it is not less machine-readable. It contains exactly the same information you enter by hand, and, thus, from a security standpoint, it would not make a difference in this area.

    The best option is to install 1Password on your iPhone or Android phone and sign in to your 1Password account in the app, so you always have your data with you.

  • lukasvogel
    lukasvogel
    Community Member

    Thanks for the advice @khad,

    But I thought more about "authenticating by using a trusted device" like Whatsapp Web offers it: I type in my e-mail address and the website creates a QR code that I can scan via my phone. My phone then notifies the server that it should unlock the vault by sending master password and access key via its own internet connection.

    This would make it a lot easier to quickly access my passwords without having to manually type in randomly generated passwords of a length of 30 characters or more.

  • The problem with that model, as described, is that it seems it would require the Master Password to be transmitted. Part of the foundation of 1Password is that your Master Password is never transmitted.

    It is an interesting concept, and I'll certainly pass the feedback along to our development team for their consideration. I'm just not sure that it would fit with what we currently have set up.

    Ben

This discussion has been closed.