Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Disable OTP codes for certain devices?
I read a recent horror story how someone had all their information stolen from their computer (using dashlane). Basically, the user had installed a trojan, which keylogged their master password, and ...
1P_Dave
Moderator
Moderator@schveiguy
Yes, you can create a shared vault that is only accessible to some family members or guests but not everyone: Create and share vaults
So if I use a yubikey with 1password, does that mean that nobody can decrypt my vault without the yubikey? If so, that seems like a pretty straightforward way to fix this!
A second-factor such as a YubiKey plays a role in the authentication of your 1Password account but not in the encryption of the account. This means that an attacker would be unable to add or access your 1Password account on a new device since they would need your YubiKey to authenticate the account. However, if malware already had full access to your Mac then it would only need your account password to decrypt your vault locally on that Mac since your account is already authenticated there.
You can read more about authentication vs encryption here: Authentication and encryption in the 1Password security model
Using a YubiKey with your other accounts would provide a protection for the threat model that you described since a compromise of either your Mac or your phone would not give the attacker access to the second-factor needed to login to any of your accounts.
I hope that makes sense. 🙂
-Dave
