Data still available locally if account deletion triggered?

swiftopt
Community Member

Hello, I had a quick question - I understand that 1Password allows for an account to be deleted ("start over") upon email verification (as described here). While I understand why some mechanism needs to exist for accounts with forgotten credentials to be cleared, it also occurs to me that this presents a denial-of-service attack opportunity - any attacker who cracked the email account with which I registered 1Password could clear all my vaults, which would be hugely problematic for accounts / passwords not recorded anywhere else.

My question - if a "start over" is triggered for my account, and I was logged into my 1Password devices (either Windows or Android), would I still be able to access all my vaults on those devices via a local backup or similar? If this is not the default behaviour, is there a way to enable it or otherwise locally back up vaults?

Also a possible feature suggestion - maybe add a time delay before such a "start over" would trigger? E.g. delay the account deletion by 24 hours and send a notification to all logged-in devices when this feature is triggered, and let the user enter their master password and stop the deletion if they do so within the grace period?



Comments

  • Ben

    Hi @swiftopt

    I think the most important take-away here is that the security of your email account is indeed important and so you'll want to be using a long generated password for it. It may also be advisable to enable 2FA if available. As for 1Password: if you're backing up your system with Time Machine or similar then yes, it would be possible to recover from such a situation. Each of the native 1Password apps keeps a local cache of your data. So if you have that local cache from a point in time prior to the account deletion, and don't have access to 1Password.com (e.g. disconnect from the internet) then you can unlock 1Password using that cache.

    I hope that helps!

    Ben

  • williakz
    Community Member

    Great question and answer. I hadn't considered either. Now I will.

This discussion has been closed.