Forum Discussion

dhalonen
Occasional Contributor
2 months ago

Failed login attempts

Hello, it appears that one may hack away at 1Password logins w/o concern for the number of failures. Is this true? If not, where may I find documentation regarding this?

The admin "Sign-In Attempts" report is eye-candy and of limited practical use.

The Activity Log has a "Login Attempts Exceeded" option, but the value of the count is nowhere to be found.

For a serious enterprise offering, the following should be available:
1. Account lockout after organization specified number of failures.
2. Alert mechanism to inform owners or admins of high number of login attempts (or at least the lockout occurred.)
3. An easy-to-find report showing suspicious activity.

Please let me know if I'm misinformed on these items.

2 Replies

  • Hello dhalonen! 👋

    Thanks for the feedback! 1Password works a bit differently from other services you might use, since the information you store is protected with encryption, not just authentication. When you use the 1Password app, it keeps an offline cached copy of your encrypted data on your device. This means that even if you set a limit on the number of sign-in attempts, someone with access to your device could still try to perform an offline brute-force attack on that encrypted cache.

    When it comes to online brute-force attacks, 1Password is designed to prevent them. To sign in on a new device, both your account password and Secret Key are required. Together, these provide over 128 bits of entropy, making a brute-force attack practically impossible.

    If your organization uses SSO (Single Sign-On) to unlock 1Password, as Tom mentioned, many identity providers allow you to set sign-in attempt limits on their end, and those same restrictions would apply when accessing 1Password.

    That being said, our team is always listening to how we can make 1Password better for organizations that use it. The "Login Attempts Exceeded" value in the Activity Log is a placeholder for now. I've shared your post with our team internally so that they're aware that you'd like to see such a feature be added to 1Password in the future. 

    For the time being, the sign-in attempts report is the best option to monitor failed sign-ins. You can configure reporting and even notifications by using the 1Password Events API to send your 1Password account activity to your security information and event management (SIEM) system:


    -Dave

    PB-51862291
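To show what the SIEM-side alerting mentioned above can look like once Events API sign-in attempts are being forwarded, here is an added example (not 1Password's code or part of this thread) that flags users with a burst of failed attempts inside a sliding time window. It assumes the item fields `timestamp`, `category`, `target_user.email` and `client.ip_address` and the failure category names used in the code; check these against the Events API reference before relying on them, and the sample events are constructed.

```python
"""Flag users with bursts of failed 1Password sign-in attempts (added example,
not 1Password's code). Assumed Events API item shape: timestamp, category,
target_user.email, client.ip_address; verify against the API reference."""
from collections import defaultdict
from datetime import datetime, timedelta

# Categories that mark a failed attempt (assumed Events API values).
FAILED_CATEGORIES = {"credentials_failed", "mfa_failed", "firewall_failed"}

def make_event(ts, category, email, ip):
    """Build one constructed sign-in attempt item in the assumed API shape."""
    return {"timestamp": ts, "category": category,
            "target_user": {"email": email}, "client": {"ip_address": ip}}

# Constructed sample: six failures against alice in five minutes from two
# addresses, then one success for alice and one isolated failure for bob.
SAMPLE_EVENTS = [
    make_event(f"2024-05-01T09:0{i}:00Z", "credentials_failed",
               "alice@example.com", "203.0.113.5" if i < 4 else "198.51.100.7")
    for i in range(6)
] + [
    make_event("2024-05-01T09:06:00Z", "success", "alice@example.com", "203.0.113.5"),
    make_event("2024-05-01T09:07:00Z", "mfa_failed", "bob@example.com", "192.0.2.9"),
]

def parse_ts(ts):
    """Parse the RFC 3339 timestamp the API uses (trailing Z means UTC)."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def failed_attempt_alerts(events, threshold=5, window=timedelta(minutes=10)):
    """Return {email: {"count", "ips"}} for users whose failed attempts inside
    any sliding window of `window` reach `threshold`; count is the peak seen."""
    by_user = defaultdict(list)
    for ev in events:
        if ev.get("category") in FAILED_CATEGORIES:
            by_user[ev["target_user"]["email"]].append(ev)
    alerts = {}
    for email, evs in by_user.items():
        evs.sort(key=lambda e: parse_ts(e["timestamp"]))
        start = 0
        for end, ev in enumerate(evs):
            # Advance the window start until it spans at most `window`.
            while parse_ts(ev["timestamp"]) - parse_ts(evs[start]["timestamp"]) > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(email, {}).get("count", 0):
                ips = sorted({e["client"]["ip_address"] for e in evs[start:end + 1]})
                alerts[email] = {"count": count, "ips": ips}
    return alerts
```

Feeding the same function the events your SIEM already ingests gives the per-user lockout-style alert the original post asks for, without changing anything on the 1Password side.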

    Tom
    Bronze Expert

    There is /report/sign-in-attempts if you are an admin, which clearly shows from where and why - for obvious reasons not able to share a screenshot :)

    As I'm not a global admin, I can't help you with details on the specifics for lockout, but if you are truly invested in security I'd suggest looking into OAuth/SSO with goAuthentik/Entra/Okta/etc. for authorisation and leave specifics at that platform.

    That leaves 2 open for someone else to answer :)