mike48397289
Frequent Contributor
3 years ago

1Password on Work machines - risks from admin resetting passwords (Windows Hello)

If I install 1Password on a work machine and use Windows Hello for entry, and later return the laptop and forget to remove 1Password, what is the risk that the company admin could reset the account password (which they can) and gain access to my vault using Windows Hello instead of the Master Password?

Same question again without use of Windows Hello.

Many thanks

(Latest Main release versions 1Password. Windows versions vary)



3 Replies

  • Former Member

    mike48397289 I agree it's a low risk. I cannot say it's impossible to gain access, but I say it's a low risk.

  • mike48397289
    Frequent Contributor

    Many thanks for that reply. So in short, if I use 1Password on a work machine with face unlock with Windows Hello - the threat from work admin would be negligible risk - would you agree with that?

    Sorry for the delay - I thought I would get an email notification.

  • Former Member

    Windows Hello is reset and PIN/saved credentials within Windows are invalidated if an admin resets the Windows account password. This is not the case if the user changes his password himself, but it is the case if an admin resets the password.

    This is because any Windows-saved credentials are encrypted with the Windows account password in some Windows secure storage, so to carry over to a new account password, the existing account password is required to decrypt the saved credentials, then re-encrypt with the new password. Since the admin just overwrites a password without knowing the previous, saved credentials such as the Hello PIN cannot survive such a reset. This is a Windows mechanism and has nothing to do with 1Password.
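
A simplified model of the mechanism the last reply describes, added here as an example; it is not part of the original thread and is not Windows' or 1Password's code. The names (`Account`, `wrap`, `unwrap`, `demo`) and the PBKDF2/HMAC construction are assumptions chosen for illustration: a saved credential is encrypted under a key derived from the account password, so a user-initiated change can re-encrypt it while an admin reset cannot.

```python
import hashlib, hmac, os

def derive_kek(password: str, salt: bytes) -> bytes:
    # 64 bytes from the account password: 32 to mask the secret, 32 to authenticate it.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)

def wrap(secret: bytes, password: str) -> dict:
    if len(secret) != 32:
        raise ValueError("this toy wrap handles 32-byte secrets only")
    salt = os.urandom(16)  # fresh salt per wrap, so the mask is never reused
    kek = derive_kek(password, salt)
    ct = bytes(a ^ b for a, b in zip(secret, kek[:32]))
    return {"salt": salt, "ct": ct, "tag": hmac.new(kek[32:], ct, hashlib.sha256).digest()}

def unwrap(blob: dict, password: str) -> bytes:
    kek = derive_kek(password, blob["salt"])
    tag = hmac.new(kek[32:], blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("saved credential cannot be decrypted with this password")
    return bytes(a ^ b for a, b in zip(blob["ct"], kek[:32]))

class Account:
    def __init__(self, password: str, saved_credential: bytes):
        self.blob = wrap(saved_credential, password)

    def user_change_password(self, old: str, new: str) -> None:
        # The user supplies the old password, so the blob is decrypted and re-encrypted.
        self.blob = wrap(unwrap(self.blob, old), new)

    def admin_reset_password(self, new: str) -> None:
        # The admin never had the old password: nothing can be re-encrypted, so the
        # blob stays bound to the old password and is useless after the reset.
        pass

    def read_saved(self, current_password: str) -> bytes:
        return unwrap(self.blob, current_password)

def demo() -> tuple:
    cred = os.urandom(32)  # constructed stand-in for a saved credential
    changed, reset = Account("old-pw", cred), Account("old-pw", cred)
    changed.user_change_password("old-pw", "new-pw")
    reset.admin_reset_password("admin-set-pw")
    try:
        survived_reset = reset.read_saved("admin-set-pw") == cred
    except ValueError:
        survived_reset = False
    return changed.read_saved("new-pw") == cred, survived_reset

if __name__ == "__main__":
    print(demo())  # (survives user change, survives admin reset)
```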