Forum Discussion

Frequent Contributor

3 years ago

1Password on Work machines - risks from admin resetting passwords (Windows Hello)

If I install 1Password on a work machine and use Windows Hello for entry. Later when I return a laptop and forget to remove 1Password - what is the risk that the company admin could reset the account...

windows

Former Member

3 years ago

Windows Hello is reset and PIN/saved credentials within Windows are invalidated if an admin resets the Windows account password. This is not the case if the user changes his password himself, but it is the case if an admin resets the password.

This is because any Windows-saved credentials are encrypted with the Windows account password in some Windows secure storage, so to carry over to a new account password, the existing account password is required to decrypt the saved credentials, then re-encrypt with the new password. Since the admin just overwrites a password without knowing the previous, saved credentials such as the Hello Pin cannot survive such a reset. This is a Windows mechanism and has nothing to do with 1Password.

Forum Discussion

1Password on Work machines - risks from admin resetting passwords (Windows Hello)

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

Universal Autofill + Chrome extension not working with latest Chrome on macOS (142.0.7444.60)

Misleading pricing to upgrade

Watchtower score not identical

Safari Extension won't fill if too many tabs open

Support for Zen browser