Session Key Enhancement Suggestion

Hi,

Regarding the Disney Employee attack (see Lounge post "Did 1Password get hacked? The Disney Employee said hackers got into his 1password account."), a commenter suggested that 1P was illicitly accessed by stealing a session key for a 1P session. If that's possible (even if it wasn't the problem in this case), can't 1P modify it's session keys so this is detected and prevented? Apparently session key harvesting is sometimes employed by hackers, so this this would be a useful security enhancement.

Thanks,

Mike

feature request

Forum Discussion

Session Key Enhancement Suggestion

Recent Discussions

Feature request: Name for entities linked to your account

For how long will an entry get sync to desktop from browser extension?

Logon failures with MyChart in Firefox

Auto-login Problem on MyChart

Unlock in Safari --> "Open this page in 1Password?"