Security of 1Password or what about Government Access?
![[Deleted User]](https://w0.vanillicon.com/v2/0dd0a8141056d3712bddb909715b1ba0.svg)
Hello people,
Please tell me, if people are politcally hunted in their country, how secure is 1password? Is there a secret/invisible login for the government possible? Can they grab the Tresor?
Thanks for your answer
Fierce
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@fierce: Thanks for getting in touch! Good question. 1Password is as secure as you make it. Meaning that, as long as you do not give anyone the "keys" to your data, no one else can access it, because then only you ever have them. There is no backdoor. That's good news in the context of your security question, but keep in mind that means you're out of luck too if you lose the keys to your data; we can't help you get into it.
As far as governments in particular, I think our website says it better than I ever could, so I'll just quote that directly:
Absent a restraint authorized by Canadian law, customers for whom responsive data is held will be notified and will be provided a complete copy of the request for their data.
While it is within our power to turn over encrypted data, there is a high bar that must be met before we will even do that, in accordance with Canadian Law:
Information for Law Enforcement
But this, to me, is the most important thing as a 1Password user:
Secure Data is owned exclusively by our customers and we have no plaintext access to this information. This means we have no means by which we are capable of providing decrypted information which may be stored in 1Password account vaults.
We just don't have the kind of information that would be useful to anyone targeting 1Password users, whether that be malicious hackers or governments, and that makes 1Password a much less interesting target for both.
I hope this helps. Be sure to let me know if you have any other questions! :)
0 -
Thanks for your answer. What about Germany do you know their rules and regulations too? Currently my Tresor is saved on 1password.com - is this the most secure location? Patriot act can request my data by an US government?
0 -
@fierce: You're very welcome! We don't try to figure out where you are and change 1Password based on that. There is only one 1Password security model and privacy policy for everyone. 1Password.eu and 1Password.ca are both GDPR compliant, and the 1Password.com server is not only because it is hosted in the US. All are equally secure, because in all cases your data is encrypted using two things which no one else but you knows: the Master Password you chose yourself, and the Secret Key which is generated locally on your device during setup. Neither of those is ever transmitted to us, so while we can and must give authorities what we have in response to an appropriate legal order, that's limited to a very small amount of information we know about you (based on what you gave us to pay for and use 1Password) and encrypted data which no one but you has the means to decrypt. :)
0
