The sign in was from Safari browser and an IP address I don't recognize. I don't use Safari much, and I especially don't use it to sign into 1Password. I did an IP locator and its suspiciously nearby a location I was near 1 week ago. I didn't use my 1Password when I was near that location. I'm worried because I have 2FA enabled for my 1P account so don't see how anyone could login to my account without that 2FA code. I've already unlinked that device and regenerated my secret key. I noticed I get the sign-in alert email immediately, as I received it when I myself signed in again after regenerating my secret key. What I'm concerned about is the limited information in the alert email. Was it a login attempt, or a successful login? I'm very confused how this can happen at all especially with 2FA enabled.Has this happened to anyone and can anyone explain what might have happened here?

If you'd like us to look into this more please email us using support@1password.com Be sure to use the email address tied to the account in question. We don't have access to account specifics in the community. We'd need to look at those to get a better picture.

I received a New 1Password sign-in alert email. I'm confused and worried.

1P_Tommy
Moderator
18 days ago
If you'd like us to look into this more please email us using support@1password.com Be sure to use the email address tied to the account in question. We don't have access to account specifics in the community. We'd need to look at those to get a better picture.
Tom
Occasional Contributor
18 days ago
For easy of mind, login with your browser, click right-top on your icon and choose 'My Profile'. See if any suspicious sessions are listed in Linked to Your Account and if so delete them?
- ES07302
  New Contributor
  18 days ago
  That’s first thing I did after I got the email alert yesterday. I unlinked that device.
1P_Tommy
Moderator
18 days ago
ES07302

Do you use iCloud Private relay? Or a VPN? It's one of the top reasons for such things.

These alerts can happen when you access 1Password on the web, but more commonly, they can also be sent by 1Password's new Web Extension, also introduced for iOS 15. That extension works in the background, and so alerts may seem to come in at "random."

I noticed I get the sign-in alert email immediately, as I received it when I myself signed in again after regenerating my secret key.

This would be expected behavior because you need to authenticate to 1Password.com

I'm very confused how this can happen at all especially with 2FA enabled.

2FA is only used on a new linking. I suspect yours was a relink.

have 2FA enabled for my 1P account so don't see how anyone could login to my account without that 2FA code.

They would not be able to. Which is why I suspect you experienced a relink.

I've already unlinked that device

Appropriate step if you're ever in doubt.
- ES07302
  New Contributor
  18 days ago
  I don’t use iCloud private really and wasn’t using a vpn at the time I was near that location a week ago.
  I definitely did not login to my 1password in a browser and def didn’t use safari.
  Even if I did, then how is this alert coming in an entire week later?

Forum Discussion

I received a New 1Password sign-in alert email. I'm confused and worried.

Recent Discussions

Browser extension 8.10.68.14 bugs

How to use Google Pay instead of 1Password payment card numbers to support virtual cards

United health care autofill issue

DuckDuckGo email alias integration

Issue: Account Owner Permissions & Vaults