by Fischgericht 964 days ago
So, a company that is supposed to protect your most valued secrets and therefore should have paranoid security is using an external support system without any 2FA, and with fully unprotected session tokens/cookies, which in addition appear to have an insane timeout (how else could someone re-use the HAR files?).

Wow.

In general I would regard anyone using a password manager that uses a cloud service and/or phones home to be unreasonable. But even if you believe that this is a good idea, at this point everyone should drop 1Password as they clearly do not have the competence to run such a service.