Skip to main content
July 8, 2026
Question

Security Model of Unlocked 1Password Desktop App in Offline Mode (Passkey-Specific Attack)

  • July 8, 2026
  • 0 replies
  • 3 views

I would like to better understand the architectural security boundaries of 1Password under the following threat model, which focuses exclusively on passkey operations (not on reading or stealing standard passwords):

  1. OS State: A Windows PC is powered on and unlocked. There is no physical surveillance or bystander monitoring of the device (the owner has stepped away).
  2. Attacker Capabilities: An attacker has gained full remote control over this PC. However, they do not know the Windows Hello PIN or biometrics.
  3. 1Password State: The 1Password Desktop app is already in an unlocked state.
  4. Account State: The owner had already changed the master password of the account from another device in advance. As a result, the 1Password Desktop app has lost synchronization with the 1Password.com servers and is operating strictly offline.
  5. Access Channel Context: Normally, the official browser extension allows using passkeys via an already unlocked Desktop app without prompting for Windows Hello or a PIN. However, in this model, the extension (and any other client sessions) was never previously authorized on this PC. Since the Desktop app is now strictly offline, authorizing any new sessions through it is technically impossible.
  6. System Integration: Attempting to use passkeys via native Windows WebAuthn will not work either, as this path strictly requires entering the Windows Hello PIN, which is unknown to the attacker.

Consequently, the only active component left on the machine is the unlocked 1Password Desktop app itself.

Question: Does the 1Password security model anticipate and defend against this specific scenario?

To put it plainly: can a "god-mode" hacker — utilizing reverse engineering, debugging, or process hooking directly on this machine — bypass standard channels and force the unlocked 1Password Desktop app to sign an incoming passkey challenge via an unconventional path?

Or is the 1Password Desktop app designed in such a way that, in the absolute absence of legitimate request channels (like an authorized extension), it is fundamentally isolated from such signing attempts, allowing us to rest easy?