What do I do when my 1Password gets hacked?

For some years I've satisfactorily been using 1Password 6. I have no account, but purchased the app by a one time payment. I was wondering if my account ever gets hacked, how to retrieve my access?


1Password Version: 6.8.9
Extension Version: Not Provided
OS Version: 10.15.4
Sync Type: Dropbox
Referrer: forum-search:1password 6 hacked

Comments

  • Hi @shirleyh

    Could you please elaborate a bit about the scenario you're concerned about?

    Ben

  • shirleyh
    shirleyh
    Community Member

    Hello Ben, What if somehow my master password was retrieved... Can somebody then login on a new device or is authentication needed? And could someone change my master password? Best, Shirley

  • Hi @shirleyh,

    I'd be happy to try and address that based on the configuration information you've provided. Assuming someone was able to get your Master Password from you, they would still need a copy of your encrypted data, either from one of your devices, or from Dropbox. If they were able to do that they could potentially change your Master Password, but you'd have a backup in 1Password for Mac which could be decrypted using the password you know. At that point resetting all of your passwords would be the priority. That is a bit of a worst case type scenario, though, and is highly unlikely if you:

    1. Choose a strong Master Password using the guidelines outlined here: How to choose a good Master Password and don't share it with anyone
    2. Use a unique password generated by 1Password for Dropbox
    3. (Optional, but good practice) Enable 2FA for your Dropbox account: How to enable two-step verification | Dropbox Help
    4. Use strong unique passwords for signing into each of your devices

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

  • shirleyh
    shirleyh
    Community Member

    Hi Ben,
    Thank you for your elaborate explanation... And I will check and take these 4 steps.
    Best, Shirley

  • On behalf of Ben, you're welcome.

  • shirleyh
    shirleyh
    Community Member

    Hi Ben,
    Today I went through all your steps and it was really helpful to have a better understanding of how 1Password works. There is just one more thing for me to be clarified and that's why it's better to have unique (master) passwords for each device....
    Thanks again, Shirley

  • Shirley,

    Depending on your situation that may not be necessary, but just speaking generally unique passwords are more secure than reused ones, as if someone gets access to one account where you've reused the password then chances are much higher they'll be able to access other accounts that use the same password. Many folks don't use different login / unlock passwords for each device though and that is probably fine in most cases. Where I would urge unique passwords would be to differentiate between work owned/monitored devices and home/personal devices. E.g. I wouldn't recommend using the same password on your work computer as your home computer, if applicable.

    Ben

  • shirleyh
    shirleyh
    Community Member

    Clear, thanks again!

  • You're welcome. :)

    Ben

This discussion has been closed.