To protect your privacy: email us with billing or account questions instead of posting here.

2FA

Chippelchen
Chippelchen
Community Member

Do you plan to add 2FA for a second layer of protection beside the master password and the secret key? I still feel bad about the stored vault in the cloud..


1Password Version: 6.8.1
Extension Version: 4.6.10
OS Version: macOS High Sierra
Sync Type: 1Password

Comments

  • Hi @Chippelchen! Thanks for using 1Password, and posting about something you'd like to see in it. :) The Secret Key already works to strengthen your Master Password, as you know, and the two encrypt your data. Without both of them, your data can't be accessed. Adding another factor of authentication isn't necessary with a 1Password account because of the way your data is encrypted already.

    As a bit of background, in the standalone version of 1Password, everything is protected by your Master Password and all the security wizardry in the app. But in an account, the Secret Key is used to strengthen things even further. If you have a weak password, it's very unlikely someone will be able to access your data because the Secret Key is a 128-bit string of characters that's generated locally when you set up your account. It never leaves your device, and we ask that you print it out to have a copy in case you need it later — you're probably not going to remember the whole thing. ;)

    It’s great to have a Master Password and Secret Key protect your data, but they also need to communicate with the server to access your data, so we use three layers to protect things at rest and in transit. The first layer is based on your Master Password and Secret key, which are used to derive a secret that is used to securely encrypt all of your data, both at rest and in transit between your devices and our servers. The second layer is based on the Secure Remote Password protocol. It allows your devices and our servers to make sure they are who they say they are. This provides an additional layer of protection against attack. The third and final layer is the standard TLS/SSL protocol. This layer provides a final layer of encryption and also allows your web browser to indicate that you were communicating directly with a 1Password web server.

    All this to say, 2FA would add an element of time to the mix. It could be interesting to see in 1Password, and we'll certainly keep it in mind. Cheers!

  • Chippelchen
    Chippelchen
    Community Member

    Thanks for the help :)

  • You bet! :) We're here if you have some other questions.

  • nosferatuwho
    nosferatuwho
    Community Member

    @Jacob I have a question, is it possible to get keylogged with 1password? I know that I read somewhere that you guys have the security input in place, but I just want to make sure

  • nosferatuwho
    nosferatuwho
    Community Member

    @Jacob another question is that, whats the difference between OTP vs 2FA? they seem like the same thing.

  • @nosferatuwho It looks like you asked both these questions in another thread, and we've answered them there. :)

This discussion has been closed.