Former Member
3 years ago
security for desktop app
When logging in to the website you need your password, secret key and optional 2FA, but if a hacker etc. is in control of my PC, all they need is my password, which they might know by watching me enter it when I...
GreyM1P
1Password Team
3 years ago
@asukulu
But I can see no reason why it should not work on the understanding that it could be infected. That’s the reality.
It shouldn't be. Anti-malware protection, such as what's built into every modern device sold, is designed to make sure that's the case. Users of devices should have the reasonable expectation that their device isn't infected. Having an infected device is not, and should not be, considered normal or acceptable by anyone. If someone else is in control of your device, that's not something that 1Password can protect against. If someone can see everything you can see and everything you type, then there's no way to keep a secret from that person.
Why can’t users have the option to open the app with TFA only?
In short: because a one-time password generated by an authenticator app doesn't contain enough key material to decrypt your data. All of your 1Password data is encrypted on disk and can only be decrypted using an unlock key which comes from your account password and Secret Key.
1Password unlocks using encryption, not authentication. When you unlock, 1Password doesn't just check that you are who you say you are (which a one-time password would do), because that could be circumvented – your decrypted data would have to be somewhere on disk. When you enter your account password into the lock screen of 1Password and press Enter, 1Password takes that account password and performs a series of functions to generate an unlock key, then tries to decrypt your data with that unlock key. If the unlock key doesn't work, that means the account password was wrong. Only the correct account password will generate the right unlock key and decrypt your data.
Even, hypothetically, if 1Password silently decrypted your data every 30 seconds and re-encrypted it using a new one-time password so that you could unlock it with only a one-time password, there are only 1 million possible 6-digit numbers, meaning someone could perform an offline attack against your data in a very short amount of time, trying all numbers from 000000 to 999999. Extending this thought experiment further, if someone did have remote access to your computer, and could see everything on screen and on disk, it would be trivial for them to do this attack and decrypt your data. That's why 1Password doesn't use one-time passwords for encryption. We only use them for authentication at the signing-in stage, and encryption protects the actual data.
Two-factor authentication on your 1Password account prevents unauthorised people from gaining access to the encrypted version of your data. When you sign in, then enter a one-time password or use a hardware security key, 1Password downloads your encrypted data, then your account password and Secret Key decrypt it. The one-time password doesn't have any role in encryption.
You can find out more information about how 1Password protects your data here: About the 1Password security model. I'll be happy to answer any questions you might have about it.
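The two points in the reply above, "unlock by decryption, not authentication" and "a 6-digit one-time password is not enough key material", as an added, self-contained example that is not from the post or from 1Password. The KDF (PBKDF2-stretched account password mixed with the Secret Key via HMAC), the toy SHA-256 counter-mode cipher and the constructed salt, password and Secret Key are all illustrative assumptions of this example, not 1Password's real vault format or derivation.

```python
import hashlib
import hmac
import os

SALT = b"constructed-demo-salt"  # constructed sample value, stored beside the vault


def keystream(key, nonce, n):
    """Toy keystream (SHA-256 in counter mode); demo cipher only, not a vault format."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key, plaintext):
    """Encrypt-then-MAC; the tag is what makes a wrong key detectable at unlock time."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Plaintext on success, None when the key is wrong: 'unlock by decryption'."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def unlock_key(account_password, secret_key, salt=SALT):
    """Illustrative two-secret KDF (stretched password mixed with the Secret Key).
    Same idea as the post, not 1Password's actual derivation."""
    stretched = hashlib.pbkdf2_hmac("sha256", account_password.encode(), salt, 100_000)
    return hmac.new(secret_key.encode(), stretched, hashlib.sha256).digest()


def otp_key(code, salt=SALT):
    """The post's hypothetical 'encrypt under the one-time password': 10**6 keys total."""
    return hashlib.sha256(salt + code.encode()).digest()


def brute_force_otp(blob, salt=SALT):
    """Offline search 000000..999999 from the post's thought experiment; each guess is
    one cheap hash, so even the full space costs only seconds to minutes of CPU."""
    for n in range(1_000_000):
        code = f"{n:06d}"
        if unseal(otp_key(code, salt), blob) is not None:
            return code
    return None
```

With the two-secret key, a wrong account password or a wrong Secret Key simply yields `None` from `unseal`, which is the "wrong password" experience the post describes; with the OTP-derived key, `brute_force_otp` recovers the code by exhausting the million-value space.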