2FA - General question | 1Password Community

Former Member

4 years ago

Asking for 2fa while there is a cached copy of your vault on the device doesn't increase security, so it isn't used.
There is a long comprehensive reading about this somewhere on the 1Password website.

The short answer is this:
2fa in general protects remote web logins.
If you login first time on a new device, you provide 2fa on the website and your encrypted vaults are copied (cached) from the cloud to the device.
It isn't possible to protect local data with 2fa, because 2fa only generates the information: "authentication succeeded" or "authentication failed". If you directly access the data files without the 1Password app, you're always allowed to access the data - in encrypted form.
So if an attacker wants to steal your data, he just can take the cached copy as file from your device, without 2fa, and try to hack it anyway. The master password protects that data, because it is used directly as key to decode the data.

Forum Discussion

2FA - General question

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

Universal Autofill + Chrome extension not working with latest Chrome on macOS (142.0.7444.60)

Misleading pricing to upgrade

Watchtower score not identical

Safari Extension won't fill if too many tabs open

Support for Zen browser