AgileBits Better than two-factor™


#1

Hello DUO Community,

I was wondering if DUO and/or the Community had thoughts regarding the claim by AgileBits that they have implements a Better than two-factor™ scheme?

https://support.1password.com/understanding-account-key/#better-than-two-factor


#2

Hey jgallias,

The white paper you link to describes this perfectly -

In one important sense it could be a considered a second “factor”, but by many other definitions it cannot be. What is most important, though, is the different kind of threat it is defending against. Typical mfa has the second factor defending against capture or discovery of the password, but your Account Key is designed to protect you against a breach of the server.

It boils down to authentication “versus” encryption. (The AgileBits team has a pretty good discussion on this here: https://support.1password.com/authentication-vs-encryption) There are merits to both and in any sane security model both are required. Both are effective in their own way defending against specific threats. Asking “which is better?” is a false binary.

Cheers


#3

Yeah that’s what concerns me about the claim “Better than two-factor™”… seems like a marketing gimmick.