by bwoodruff 1368 days ago
Hi there!

Not quite. An attacker would need either your account password AND an already authorized device, OR they would need both your account password AND Secret Key. If you have 2FA enabled for your 1Password account, and the attacker doesn't have one of your authorized devices, they would also need your second factor (TOTP or hardware key).

Additionally, our Principal Security Architect, Jeff Goldberg, wrote some thoughts on this subject here: https://blog.1password.com/totp-for-1password-users/

- Ben, 1Password

1 comments

So you're banking on the idea that in order to log in to 1Password you need an authorized device as your layer of security.