1PW X and 2FA

Hi, I love 1PasswordX.

But that is an webbased Service.

Could I protect my vault with a 2Fa auth ?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Janob: Thanks for getting in touch! While local vaults cannot be protected in that fashion because they aren't authenticated, the Secret Key provides a second layer of security for a 1Password.com account (being "something you have") along with your Master Password ("something you know") since both are used to encrypt the data. Since neither are ever transmitted to us, that prevents an attacker who breaks into our server from performing a brute force attack against Master Passwords, since the Secret Key will also be needed. 1Password Teams Pro accounts also offer Duo authentication as a beta feature. I hope this helps. Be sure to let me know if you have any other questions! :)

  • Janob
    Janob
    Community Member

    but a keylogger could steel both. My PW and the Secret Key ?

    An why does only Pro accouts get 2FA ?

  • AGAlumB
    AGAlumB
    1Password Alumni

    but a keylogger could steel both. My PW and the Secret Key ?

    @Janob: Oh, absolutely. But that doesn't matter, as someone who can install a keylogger on your machine can just as easily perform a person-in-the-middle attack on you to use a 2FA token in your place, or simply collect your data as you access it. "2FA" isn't magic, and doesn't offer protection against those attacks — where your computer is owned by someone else; nothing does.

    An why does only Pro accouts get 2FA ?

    Because Duo is a paid service. We may be able to add additional authentication options for other plans in the future though, so thanks for letting us know you'd be interested! :)

  • netname
    netname
    Community Member

    Because Duo is a paid service. We may be able to add additional authentication options for other plans in the future though, so thanks for letting us know you'd be interested! :)

    Isn't 1Password also a paid service? Every other password manager has 2FA (Lastpass, which is free and Dashlane). It seems strange that 1Password does not have basic functionality that other password managers do.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @netname: We really don't have any interest in "basic" multifactor authentication that is insecure, so we've started with Duo on the Pro plan since we can roll the added cost into that. We're not going to add "2FA" just to have a checkbox as a feature comparison; we care about the actual security because we care about our users — ourselves included!

  • Hi folks! With the launch of 1Password Business, we've also added two-factor authentication for all types of 1Password accounts. That means you can set it up with a personal account, a family one, or a team one from your profile page.

    Turn on two-factor authentication for your 1Password account

    If you have some questions, feel free to let us know. Hope you like it. :blush:

This discussion has been closed.