Hello, I'd be happy if someone could confirm that I'm thinking correctly about having two-factor tokens in 1password. So let me express my thoughts:
Having the tokens in 1password compared to having them in, say, Google Authenticator on a phone is:
Have I missed something? (2) and (3) happens all the time. If I'm not wrong, (1) hasn't happened yet. With a locked vault (this includes breaking to Dropbox), 1password is pretty much theoretically unbreakable. With an unlocked vault, it depends to some degree on the security of the OS and some obfuscation as per keeping the master password in the memory and/or communication between the extension and mini (both iOS and desktop), but is theoretically breakable. Now given that the theoretically possible vectors are extremely difficult to perform, even if someone discovers such an attack, I'm safe if the net worth of my 1password vault doesn't count in millions.
Am I right?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided