Feature request - trojan protection

Hi,
My son recently had a trojan on his computer, so the hacker had access to his unlocked 1password vault and some of his accounts like amazon, messenger, discord...
Master password and secret key offer no protection if the attacker has access to a private computer where the vault is unlocked.

To protect critical informations such as credit card numbers, it would be cool to had an option that require to validate a push notification on the 1password smartphone app before to get access, from a computer or a web browser, to very important secrets (like Gmail notifications for 2FA protected accounts).


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Hi @GordonShumway:

    Generally speaking, if there's malware or other malicious software on a device, there isn't much that 1Password itself can do to protect itself. Your best best would be to keep your devices secure with anti-virus software as well as smart security practices like only downloading software from trusted sources. Thanks for reaching out!

    Jack

  • GordonShumway
    GordonShumway
    Community Member

    Thank you Jack for your reply.

    "there isn't much that 1Password itself can do to protect itself"
    Wouldn't 2FA be a protection ?
    Even with access to a private computer the hacker wouldn't be able to decrypt important secrets without user's phone.
    MS OneDrive personal vault work like that. You can access most of the files while connected on a private computer but you need the phone and 2FA to access very important datas in the personal vault.

This discussion has been closed.