Is there a way to check if someone tried to access my 1password account over the internet?

Dear sir/madam. Since one of my apps account was hacked last weekend, I am deeply concerned about my passwords security. One of my concerns is about someone trying to access my 1Password account using a browser (with my actual password or using brute force). So, I want to know if there is an access log to check who tried to access my 1Password account, when, from where, success/no success etc. Is it possible to get this info?

Sincerely yours,
José Luís


1Password Version: 7.2.4
Extension Version: 7.2.4
OS Version: OSX 10.13.6
Sync Type: Membership
Referrer: forum-search:Is there a way to check if someone tried to access my 1password account over the internet?

Comments

  • jin_dhaliwaljin_dhaliwal

    Team Member

    Hello @josehime,

    When you log into your account on my.1password.com you can see devices that have accessed your account on your profile page.

    From there you can determine if any of these are not your devices and deauthorize the device.

    Hopefully that helps. Please let us know if you need more info.

  • dancodanco Senior Member Community Moderator

    I would add that access to your 1password account requires both the Secret Key and the Master Password. The Secret Key is long and random and is created for you when you set up the account. Anyone trying to access your account from anywhere other than you own devices would need both, which makes intruder access to your account extremely unlikely unlikely

  • Dear jin_dhaliwal and Danco, thank you for you prompt responses. Actually, I am currently running in "paranoic mode", so I want to ensure my data is safe. Both answers together make me feel much more comfortable, thank you! Regards.

  • brentybrenty

    Team Member

    Glad that helped! Also keep in mind that you'll receive an email notification for any new sign ins. But as others have noted, someone would need all of your account credentials -- some of which are unguessable -- in order to sign in, just as you do on a new device. Cheers! :)

  • The email notification is a very important feature. If someone gets access to my credentials - unlikely, but possible - that feature will be the track no one can hide. Great!

  • brentybrenty

    Team Member

    Absolutely! :chuffed: :+1:

    And if you do ever lose control of your account credentials, you can change the Master Password, Secret Key, or both from your account's Profile page:

    https://start.1password.com/profile

    :sunglasses:

  • Since that email might be overlooked (or seen too late) I would appreciate a push notification in the mobile Apps (and maybe even make that a full 2FA implementation like Apple does for iCloud).

    For now I worked around that by forwarding these kinds of emails to Pushover to get a push notification anyway.

  • BenBen AWS Team

    Team Member

    Thanks for the suggestion @XIII.

    Ben

  • DenalBDenalB
    edited January 25

    "I would add that access to your 1password account requires both the Secret Key and the Master Password."
    May be you should activate additional 2FA for your 1PW account. So on new devices you have to enter the Master Password, the Secret Key and the number which is displayed in 3rd party 2FA app. I like all that stuff and that makes me feel more secure. :)

    "The email notification is a very important feature. If someone gets access to my credentials - unlikely, but possible - that feature will be the track no one can hide. Great!"
    Yes, that's a really great feature and number 4 after Master PW, Secret Key and 2FA. Very great!! ;)

  • BenBen AWS Team

    Team Member

    Further information on what DenalB is talking about is available here:

    Turn on two-factor authentication for your 1Password account

    Ben

  • Thx @Ben ! :)

  • BenBen AWS Team

    Team Member

    :+1:

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file