• jollins@programming.dev
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    There’s a balance between convenience and security and IMO storing both on 1Password is fine. An attacker getting into your 1PW account would require them having

    • your username

    • and your password (which should be unique to only 1PW)

    • and your secret key

    • or physical device access with your 1PW password or biometric auth credentials

    in which case an attacker really wants your stuff, has your device, and you have bigger issues.

    I feel like this is similar to saying “is your front door lock strong enough?” when a thief is at your door and really wants to get inside, regardless of level of effort required.