A security scenario for a 1Password account

jmjmjmjm
edited February 11 in Lounge

I have 2FA enabled + 2 physical security keys (+ fingerprint access on an android phone) (and 1Password will lock in this browser when closed or after it is idle for 5 minutes.)

I have the Emergency Kit physically printed out as well as saved as a pw protected file on a USB key.

I want to understand a bit better how my 1Password account can be breached if say "someone" has my MP (and nothing else).


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • DanielPDanielP

    Team Member

    @jmjm:

    I want to understand a bit better how my 1Password account can be breached if say "someone" has my MP (and nothing else).

    If someone only has your Master Password, they won't be able to access your 1Password account, or decrypt your data, because the Master Password alone is not enough to do anything. This is true in every scenario where the attacker does not have access to any of your devices.

    For completeness, however, and since your question was broad enough not to make this distinction clear, I will cover also an exception scenario. If someone were able to steal your laptop, and your laptop also happened to be unlocked at the time it was stolen, the attacker would be able to access your 1Password data only with your Master Password, since in this case they would only have to unlock the 1Password app. Only you can know how likely such an attack is to succeed in your environment, but I am tempted to say that the likelihood of both those events happening at the same time are quite low.

    In any other case, the Master Password won't be enough.

    ===
    Daniel
    1Password Security Team

  • In any other case, the Master Password won't be enough.

    Thanks for the detailed reply @DanielP.

    (I can't be the only one to debate if one's MP is robust enough.)

  • DanielPDanielP

    Team Member
    edited February 11

    @jmjm:

    Certainly not, and it's good that you are thinking about these things :)

    ===
    Daniel
    1Password Security Team

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file