Forum Discussion
security1010
2 months ago · Occasional Contributor
Game Over Scenarios - What To Do in Breach
Hi,
Going through some paranoia
I’ve been running through some “what if” scenarios about 1Password and figuring out:
- How stressed I should be in each case
- What to actually do if it happens
Here’s my current thinking — would love feedback:
Category 1 – Vault Not Compromised
Examples:
- Someone steals 1Password’s servers but not my Secret Key or master password
- My phone/laptop is stolen but locked with a strong passcode and biometrics
Stress: Low
Actions:
- Unlink stolen devices (only helpful if they are online)
- Remote wipe if possible
- No urgent password changes — maybe rotate some over time for peace of mind
Category 2 – Vault Potentially Compromised
Examples:
- Malware on my device (could capture my master password next time I unlock vault)
- Device stolen and unlocked. I'm thinking something like a phone snatch.
- Weak device password that could be guessed
Stress: Medium–High
Actions:
- Stop using compromised device
- Change vault master password + Secret Key
- Immediately change Tier 1 account passwords (email, bank, primary cloud logins)
- Rotate other accounts over time
Category 3 – Vault Definitely Compromised
Examples:
- Attacker knows both master password + Secret Key
- They have an export or backup of my vault data
Stress: High
Actions:
- Immediately change Tier 1 account passwords first
- Then Tier 2 (social media, messaging, secondary financial)
- Then the rest
Closing thoughts:
- Avoid malware — it’s one of the few scenarios no password manager can save you from
- Device theft is more common, but if the vault is locked and your passcode is strong, you’re probably fine. Would you remote wipe straight away or wait to see if it's handed in?
- The “$5 wrench” attack… well, not much to do there
- Keep a list of Tier 1 accounts handy for emergencies so you know what to change first
- Offline-only vault on a USB stick could be more secure, but a lot more inconvenient — I only access passwords in a secure location. If I'm on the road and no one is at home to give me a password, then what?
Would appreciate some input to get over the paranoia haha
3 Replies
- security1010 · Occasional Contributor
Thanks AJCxZ0 for your reply - it reminds me one needs to keep in mind the actual probability of all the potential scenarios. It's always going to be a compromise.
- AJCxZ0 · Bronze Expert
A compromise of that innocent browser extension which was sold by the developer to criminals who have access to, but don't need, all your credentials, as they have direct access to all your session cookies.
Sleep well. 😬
- AJCxZ0 · Bronze Expert
Risk assessments are fun and contingency planning can be useful for peace of mind even when threats remain hypothetical. A detailed assessment of each case would be a lot of work, so I'll pick a couple of cases.
The mobile device snatched the very moment that you unlocked the 1Password app or a rubber hose exploit would expose all your secrets, however the chance that the snatch happens during the window in which the app is unlocked is small, and the chance that the snatcher will be in a position (and motivated and able) to exploit the opportunity during the unlock window is even smaller; that is unless the snatch was orchestrated for this purpose, in which case you are probably up against an adversary for which generic advice won't help much.
Wiping the device and changing your 1Password and maybe some critical service credentials from another device would be wise as a precaution, followed by a close watch for evidence of access to valuable accounts.
What to do in the case of a Category 3 scenario probably depends more on the circumstances in which the revelation occurred. A trusted family member finding your Emergency Kit in the filing cabinet is very different from Mr. Robot putting a keylogger on your device(s).