Hacker News new | past | comments | ask | show | jobs | submit login

So that you're protected from data breaches of the service itself (e.g. revealing a reused password)



That doesn't have anything to do with MFA. If for some reason your 1Password masterpass is compromised, the hacker has access to your passwords and your MFA tokens.

If you use 1Password and say Authy (Assuming your Authy pass isn't in 1Password) or Google Authenticator. Then all services with MFA wont be compromised if the 1Password masterpass is...


Hi there!

Not quite. An attacker would need either your account password AND an already authorized device, OR they would need both your account password AND Secret Key. If you have 2FA enabled for your 1Password account, and the attacker doesn't have one of your authorized devices, they would also need your second factor (TOTP or hardware key).

Additionally our Principal Security Architect, Jeff Goldberg, wrote some thoughts on this subject, here: https://blog.1password.com/totp-for-1password-users/

- Ben, 1Password


So you're banking on the idea that in order to login to 1Password you need an authorized device as your layer of security.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: