How to prepare for lost password

matbb
Community Member

Hi,

The other day I had a blank and couldn't remember my master password, which later I did, uff! But this got me thinking about what I would do if I ever forgot my master password again, or if I got my phone stolen.

The help pages tell you to make a backup from your phone as long as Face ID still works on the phone. I tried, but I have not been able to find the backup anywhere.

Also, what happens if you lose your phone? And would it be insecure to write my master password in a secure note inside 1Password, so I can unlock it with Face ID to find it?

Thanks!


1Password Version: 6.8.9
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    1Password Alumni

    Welcome to the forum, @matbb! Good for you, for thinking proactively about your own data security. "Data Security" doesn't just mean having good encryption (we take care of those details in 1Password itself), or even choosing a good Master Password. It means those things, but it also very definitely means thinking about potential ways loss could occur other than hacking/theft.

    The best way to make sure your data will always be available to you, even in a worst-case situation, is a 1password.com membership/account. Up until we launched 1Password accounts, the way to use 1Password was what we refer to now as "standalone": you purchase a license for the app, and you create your own data locally, on your own device. But what -- as you said -- if that device is stolen (or perhaps you make an ill-advised dive into the pool without remembering it's in your pocket)? If your 1Password data resides only on your phone, you're in trouble. Same if you forget your Master Password: we never have the encryption keys to decrypt your data, nor the secret (your Master Password) with which to derive those keys. So if you forget your Master Password, your data is unrecoverable -- and that could be anywhere from inconvenient to a true disaster for many users.

    If you have multiple users in a household (or even business) who use 1Password, you can open a 1Password Families account or 1Password Business account (depending on what's appropriate), and then, if any member of the account forgets his/her Master Password, an Administrator (or Family Organizer) can recover their account -- all without having to disclose your data or your Master Password. And because 1password.com account data is stored on our servers in encrypted form, if you lose the local copy in your device to fire or theft or whatever, it's not a problem: as soon as you get a new device, just sign in with your Master Password and Secret Key, and your data appears (nearly) instantly.

    In 1Password accounts, we also provide the user something called an Emergency Kit -- which is a way to save or print the details of your sign-in (including a space to write your Master Password), so you can make sure you're never without your sign-in credentials. Keep it in a floor-safe or a safety deposit box or with a trusted attorney.

    And would it be insecure to write my master password in a secure note inside 1Password, so I can unlock it with Face ID to find it?

    Not at all. Or at least, no less secure than 1Password usually is -- which is very secure. If you write your Master Password in a Secure Note for example, someone would need to access your data in order to get to it -- which would mean they'd already have all your other data by that point, if they were able to do that, so finding a Secure Note with your Master Password wouldn't provide them any meaningful additional benefit.

    If you decide you don't want to go the 1Password account route, I'd strongly recommend a multi-layered backup approach, so you never lose your data. The 1Password for Mac app itself makes daily backups (presuming it's opened at least once a day), in your Library folder on your Mac -- but these will be lost if your Mac is lost/stolen. I'd recommend making local Time Machine or other bootable backups of your hard drive, as well as perhaps looking into an offsite backup solution such as Backblaze or CrashPlan or similar. With a 1Password account, this is taken care of for you, but with standalone 1Password, you're on your own to make sure backups are available in multiple locations.

    The help pages tell you to make a backup from your phone as long as Face ID still works on the phone. I tried, but I have not been able to find the backup anywhere.

    It's not designed to be available through iOS' file system, but it's there. If you visit Settings > Advanced and tap "Create Backup," a backup of the current state of your data will be created, and unless you delete 1Password for iOS entirely, you will be able to restore from it. But if you want it available elsewhere besides your iOS device, you'll need to make a device backup using iTunes (or Finder, in the upcoming macOS 10.15 ("Catalina")).

  • matbb
    Community Member

    Hi Lars,

    I like your answer, it's much better than just "I recommend you upgrade", it tells me why and alternatives. It just seems excessive to me to pay 36 dollars a year for a 1Password subscription ONLY to get the emergency kit and backup codes. All these subscriptions add up, and it may be cheaper to have an old Mac with access to all accounts lying around, than paying 36 dollars a year, if that is the only benefit.

    So you are saying that with the backup of my 1Password file and my master password, I should be able to open this backup? On any computer? If I buy a new computer, place the backup file from 1Password there, and open it with my master password, it would work?

    I think I am less and less likely to forget my master password now as I use it several times a day. On my phone I can use Face ID, so when the master password is still relatively new, I can use Face ID to enter 1Password, and go find the password inside my notes. Plus, it's not even easy to find because I did not write inside the notes what the password is for.

    I'm still considering the membership, to make things easier. I know 36 dollars a year is not so much, but the benefit is not big either.

    Thank you

    Matteo

  • @matbb

    I'd argue that an Emergency Kit is not all that you're getting. :) There are a ton of benefits:

    About 1Password membership

    So you are saying that with the backup of my 1Password file and my master password, I should be able to open this backup? On any computer? If I buy a new computer, place the backup file from 1Password there, and open it with my master password, it would work?

    It is really tough to make sweeping statements about the certainty of what will be possible in the future, especially when it comes to rapidly evolving technology. There are a lot of variables involved. But I would say, generally, yes: that should work. Where you might run into difficulty is in a scenario (e.g.) where both of these statements are true:

    1. We release a new version of 1Password that uses a different format for backups, and cannot read the older backups
    2. Your new computer is using a new version of macOS that isn't capable of running the version of 1Password that created the backup file that you have

    or we've completely disappeared off the face of the planet, and you have no way of obtaining a copy of 1Password.

    Fortunately, even in such an event, it would be possible to read the backup, it might just take a fair amount of work. Our data formats are public knowledge, so anyone can write software to read them. We don't ever recommend entering your Master Password into anything that isn't 1Password, but in the scenario outlined above you may have to resort to such measures.

    You have secrets; we don’t, why our data format is public

    I'm talking worst case scenario here. Again, generally, I would not imagine this would be a problem. I just don't want to run into a situation where due to unforeseen circumstances this doesn't go exactly as expected, and we didn't mention that would be a possibility. Does that make sense?

    Ben

  • matbb
    Community Member

    OK, so I talked to a friend that got me into 1Password in the first place, and even if he usually hates paying for software, he did pay for 1Password. So, that means for me that I am going to get 1Password Families, this would make getting locked out much easier to resolve. But, one big thing. My dad and mom are notoriously not very secure people, so if someone hacks into their 1Password because they just left their master password written down somewhere, does that mean the hacker could use that to hack my account?

    Thanks!

  • Lars
    1Password Alumni

    @matbb - no. If your parents are careless with their credentials (Secret Key and Master Password) for their own 1Password account(s), then their accounts might be vulnerable. But yours would not be, directly. In order to be able to affect your account, your parent(s) - or an attacker who'd discovered their 1Password credentials - would have to be set up as a Family Organizer.

    Family Organizers in a 1Password Families account are like Administrators: they can remove other people from the account, even delete the entire account or stop billing/payment. But regular family members can't do these things, so even if one of your parents' accounts were to be compromised due to poor security practices such as leaving credentials lying around in plain view, though their own account would be vulnerable, yours wouldn't be.

    If your parents are "notoriously not very secure," the first thing I would do is urge them to try being a bit more secure by committing their Master Password to memory and keeping any written-down or printed-out copies of the Master Password in a safe place such as with a trusted attorney or in a safety deposit box. In fact, that's what the Emergency Kit of a 1Password is for: a place for you to keep a "hard copy" of your Secret Key, and a space to write down your Master Password. All of you in your 1Password Families account should save your Emergency Kits individually and securely.

    I'd also make sure not to make either of your parents Family Organizers until/unless the time comes when you've got greater confidence in their security practices. If there's another user whose security you have more confidence in, I'd consider making that person a Family Organizer instead.

  • matbb
    Community Member

    Thank you for your answer Lars, I just signed up for the 1Password 7 free trial and will update it to 1Password Families after. I have to say the change process was not that smooth, took me about 20 min for it. Thank you for your assistance in this.

    Matteo

  • ag_ana
    1Password Alumni

    On behalf of Ben and Lars, you are very welcome @matbb!

    If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

  • matbb
    Community Member

    Hi Ben, Lars. So as I installed 1Password 7 it asked me if I wanted to import my logins, I did of course. But now I have all my logins duplicated, one as "primary" and one as "dropbox". What to do? Now if I update in one place, it seems it won't update on the other one. Thank you

  • Ben
    edited November 2019

    Hi @matbb

    Is your intention to use 1Password Families, or Dropbox?

    Ben

  • matbb
    Community Member

    Hi @Ben, my intention is to use 1Password Families, I'm just running the 30 days free trial now before I upgrade to family. I have no idea what you mean by Dropbox, as I don't see a 1Password family and 1Password Dropbox option. I just thought Dropbox was an option on where to sync/save passwords. Thank you

  • Both Dropbox and 1Password Families are ways in which your 1Password data can be synced. They are mutually exclusive (i.e. you can't use them both). If you want to use 1Password Families then sign into your 1Password membership using the instructions on this page:

    Get the 1Password apps

    (you can skip the bits about downloading / installing 1Password if you've already done that)

    Once you've signed in, if all of your data is visible to you in the Personal vault, delete all other vaults:
    https://support.1password.com/migrate-1password-account/#set-up-your-other-devices
    (Primary must be the last one deleted)

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

  • matbb
    Community Member

    Hi Ben, logging in at 1password.com there was only one vault, the personal one. I assume it syncs automatically with what I have on my Mac, right? So now I only have my Personal vault. I consider myself quite app savvy, and the process was not a simple one. I cannot imagine how hard it would be for other less savvy clients. But now it's done, thank you for your help.

    Matteo

  • Lars
    1Password Alumni

    @matbb - on behalf of Ben and myself, you're quite welcome. Glad you got everything working. :)

  • matbb
    Community Member

    Hi there, me again.

    So now I have 1Password Families. I have the Emergency Kit, but I do not have a safe place where I would keep my printed Emergency Kit. How do I use my family now to keep my secret key? Do I go to the shared vault and keep my secret key inside a note there?

    I also activated 2FA for my 1Password account with Authy, but if I lose all my trusted devices, it will be hard to get into 1Password, no? As it will ask me for my 2FA code. Is this step really necessary? Because from what I understand, I would have to remember the Authy password for sure, or I may risk not being able to get back into my account?

    Sorry for the many questions, just trying to set things up so I don't get into big trouble in the future,

    Thank you

  • ag_ana
    1Password Alumni

    @matbb:

    How do I use my family now to keep my secret key? Do I go to the shared vault and keep my secret key inside a note there?

    Yes, you could put a copy of your Emergency Kit in your Shared vault, if you don't have a safe place to store the printed copy of the document.

    Because from what I understand, I would have to remember the Authy password for sure, or I may risk not being able to get back into my account?

    Yes, if you decide to activate Two-Factor Authentication for your 1Password account, you need to make sure you are able to generate your access codes, or else you won't be able to log in to new devices. We can help you with this (after a verification process) should you lose your authenticator, but it's much quicker if you always have access to it.

This discussion has been closed.