How can I hide/disable the emergency kit (secret key retrieval) entirely?
I trust myself to securely store one or more offline copies of my emergency kit, and I absolutely do not want a QR code showing up on my screen that someone can capture/use to activate another device.
Is there a way to completely disable the ability to retrieve the secret key?
I do grant you that they'd have to know my my master password, but 1password saves the master password as an entry by default.. whaa. So if I delete that, should I be confident they can't retrieve my master password if I leave my screen/account unlocked for a minute?
1Password Version: Latest online version
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:hide emergency
Comments
-
Hi @HeroTime,
Is there a way to completely disable the ability to retrieve the secret key?
There is not. You'll always be able to get the Secret Key from an already authorized device.
Find your Secret Key or Setup Code
I do grant you that they'd have to know my my master password, but 1password saves the master password as an entry by default.. whaa. So if I delete that, should I be confident they can't retrieve my master password if I leave my screen/account unlocked for a minute?
You should not. If someone is able to use your device as if they are you, then they will likely be able to access secrets that only you are supposed to be able to access (possibly including the Master Password). Preventing this type of use from happening should ideally be the priority here. :)
I trust myself to securely store one or more offline copies of my emergency kit, and I absolutely do not want a QR code showing up on my screen that someone can capture/use to activate another device.
I understand, but one of the biggest issues we see in support is folks who have lost or forgotten their Secret Key or Master Password. A big yet often forgotten part of information security is information availability. If the info isn't available to the person / people who should have access then that is a failure. You personally may never encounter this issue, and we'll all hope that is the case, but we have to design for a broad audience, and that includes a large portion of people that aren't as diligent as you may be.
Ben
0
