Hey @pslinn! 1Password doesn’t prompt for 2FA on every app unlock because once your device is authorized, asking for it again wouldn’t meaningfully improve your security.
1Password’s security model works differently than many other services you might use. Most apps rely solely on authentication to gate access to your data. 1Password, on the other hand, is built around encryption—and that changes how things work under the hood.
When you first sign in on a new device, you authenticate with your account password, Secret Key, and second factor. After that, a local encrypted copy of your data is stored on your device, and 1Password doesn’t require a constant connection to our servers to function—that’s also why you can still access your vaults even when you’re offline.
That local data is protected by encryption, not ongoing authentication, and what decrypts it is your account password. Requiring a second factor every time you open the app wouldn’t actually block a local attacker, as they could just grab the encrypted data file directly. In that scenario, your second factor wouldn’t help because the app wouldn’t even be part of the equation. So prompting for 2FA again would be more security theater than actual added protection.
The most important thing you can do is make sure your account password is strong and unique, as that’s what really protects your vault on your device.
You can read more about how this all works here: Authentication and encryption in the 1Password security model