You must log in or # to comment.
There’s a balance between convenience and security and IMO storing both on 1Password is fine. An attacker getting into your 1PW account would require them having
-
your username
-
and your password (which should be unique to only 1PW)
-
and your secret key
-
or physical device access with your 1PW password or biometric auth credentials
in which case an attacker really wants your stuff, has your device, and you have bigger issues.
I feel like this is similar to saying “is your front door lock strong enough?” when a thief is at your door and really wants to get inside, regardless of level of effort required.
-