Honestly, Jeff, what would be the client downside to offering it as an option? I understand it would entail more work for your excellent crew, but other than that I don't see the negatives.
For every one report of “someone stole my computer, is my data safe?” query that we get, we get 100 “I’ve forgotten my master password” queries. (That’s an exceedingly rough estimate. We don’t keep a tally of these, but that 1 to 100 ratio seems about right to me.) We know that people lose access to their 1Password data, while we know of no case of someone breaking into someone’s data.
Now, suppose you are traveling and your phone gets stolen or damaged. If you don’t have access to a computer or device that is already linked to your Dropbox account, you won’t be able to reset two-step authentication. You won’t be able to access your 1Password data, which in turn means that you won’t be able to access many of the accounts and services you need. At least, you won’t be able to until you either get to the piece of paper where you wrote down your backup code or get to a computer or device that is already linked to your Dropbox account.
There was a part of the blog post that bothers me:
Assuming your phone is out of commission, you theoretically have no access to 1Password. How do you plan to get into Dropbox without the password for it, even if 2-factor is disabled? This is a problem that has bothered me for a while, regardless of 2-factor authentication.
1. Imagine husband/wife or business partners or someone you had shared your master password with (for whatever reason)
Penelope Pitstop wrote:
Jeff advocates using strong, memorable passwords for key services like Dropbox (like he does for the master password). So, if you did that too, you could easily access your 1PW data from any computer if 2-factor was disabled.
If 2-factor was enabled on Dropbox, you would need to get another of your devices already authenticated with Dropbox, one of your digital backups of 1PW or the paper backup of key service passwords. Presumably the latter two would both include the 6 digit code you need to turn 2-factor off for Dropbox.
Not sure if that answers your question or not.