Deauthorize Devices

Hi @JOeMTC

Thanks for taking the time to write in! There is not currently a way to de-authorize a device. That is something we hope to be able to add (along with some other improvements in this area) in the future. :)

Ben

You're most welcome. :+1:

Ben

@MDBrown: It's actually not critical at all, but I don't blame you for thinking that it could be. We need to make it clearer and improve this overall. I'll explain.

Currently the "authorized devices list" is more like a log of "devices that have been authorized ever". The "authorization" itself refers to the fact that you've logged into your account there, and the Account Key is stored securely so you only have to type the Master Password upon further visits.

If you wipe this data (delete 1Password for iOS, clear the browser cache, etc.) it is impossible for someone to login on that device again without all of your credentials. But the 1Password web interface has no way of knowing if you delete an app on your iPhone, for example. So if you reinstall 1Password there and login again, it's the same device, but a new authorization will show up on the website. This is important because then you'll know almost immediately if someone other than you has obtained and used your credentials.

But as far as authorization, it does not mean that the device is allowed to access your account until the end of time. Even if you forget to wipe it before giving it away, at the very least they'll need your Master Password. So while a device's authorization doesn't pose a security risk, it would be nice, to be able to proactively deauthorize one, for example if it were stolen, just in case — and frankly make it easier to see at a glance what devices are authorized: I probably have this Mac listed 15 times. :lol:

Hi @JOeMTC,

I’m glad to see that Brenty’s response helped you out. It’s great that you’re thinking carefully about the security of your data, and we’re always here if you have any other questions or concerns. :)