What do I do when my 1Password gets hacked?

For some years I've satisfactorily been using 1Password 6. I have no account, but purchased the app by a one time payment. I was wondering if my account ever gets hacked, how to retrieve my access?


1Password Version: 6.8.9
Extension Version: Not Provided
OS Version: 10.15.4
Sync Type: Dropbox
Referrer: forum-search:1password 6 hacked

Comments

  • BenBen AWS Team

    Team Member

    Hi @shirleyh

    Could you please elaborate a bit about the scenario you're concerned about?

    Ben

  • Hello Ben, What if somehow my master password was retrieved... Can somebody then login on a new device or is authentication needed? And could someone change my master password? Best, Shirley

  • BenBen AWS Team

    Team Member

    Hi @shirleyh,

    I'd be happy to try and address that based on the configuration information you've provided. Assuming someone was able to get your Master Password from you, they would still need a copy of your encrypted data, either from one of your devices, or from Dropbox. If they were able to do that they could potentially change your Master Password, but you'd have a backup in 1Password for Mac which could be decrypted using the password you know. At that point resetting all of your passwords would be the priority. That is a bit of a worst case type scenario, though, and is highly unlikely if you:

    1. Choose a strong Master Password using the guidelines outlined here: How to choose a good Master Password and don't share it with anyone
    2. Use a unique password generated by 1Password for Dropbox
    3. (Optional, but good practice) Enable 2FA for your Dropbox account: How to enable two-step verification | Dropbox Help
    4. Use strong unique passwords for signing into each of your devices

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

  • Hi Ben,
    Thank you for your elaborate explanation... And I will check and take these 4 steps.
    Best, Shirley

  • ag_tommyag_tommy

    Team Member

    On behalf of Ben, you're welcome.

  • Hi Ben,
    Today I went through all your steps and it was really helpful to have a better understanding of how 1Password works. There is just one more thing for me to be clarified and that's why it's better to have unique (master) passwords for each device....
    Thanks again, Shirley

  • BenBen AWS Team

    Team Member

    Shirley,

    Depending on your situation that may not be necessary, but just speaking generally unique passwords are more secure than reused ones, as if someone gets access to one account where you've reused the password then chances are much higher they'll be able to access other accounts that use the same password. Many folks don't use different login / unlock passwords for each device though and that is probably fine in most cases. Where I would urge unique passwords would be to differentiate between work owned/monitored devices and home/personal devices. E.g. I wouldn't recommend using the same password on your work computer as your home computer, if applicable.

    Ben

  • Clear, thanks again!

  • BenBen AWS Team

    Team Member

    You're welcome. :)

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file