Save Secret Key in Apple Watch??

Hello everyone!

A bit of context, the objective that I would like to achieve (if it is possible) is to be able to access to my 1Password data (from some new device) just with my Apple Watch - just in the extreme case of loss access to my devices and I need access to my 1Password data.

My current setup:

  • Email: I know it :)
  • Master Password: Mega-secret, I’m the unique that know it and it’s not store in any place (of course). :p
  • 2FA: It’s save in my Apple Watch (and other devices) with a 2FA app.
  • Secret Key: Here the dilema.

Is it safe to store the Secret Key in the Apple Watch? I was thinking to create a note in 1Password and put it in the Apple Watch.

Any thought about this idea?? Is it a horrible idea?

Thanks in advance :D

Comments

  • rudyrudy

    Team Member

    @mglolmos,

    If you've got primarily apple devices the secret key is already stored in iCloud keychain for you in such a way that i you setup a new mac or iOS device with the same Apple ID it will find that account information automatically and allow you to type your master password to sign into your account again.

  • Thanks for the answer, I know about the iCloud Keychain :) but they idea is to be able to log in from a browser.

    Image the situation, you have lost your phone but you still keep your Apple Watch and you need to access (immediately and it’s really urgent) to your 1Password data. The idea is to access to your 1Password data through a browser (from some laptop that you borrow) using just the information that you have in your Apple Watch.

    Maybe I’m worry for a extremely unlikely situation xD

    Thanks a lot to answer any kind of question like this one :D

  • ag_anaag_ana

    Team Member

    @mglolmos:

    Let me apologize for the late reply here, your message unfortunately slipped through the cracks :(

    Thank you for the clarification about this. There is certainly nothing stopping you from saving the Secret Key in your 1Password app, and syncing that item to the Apple Watch, so you can retrieve it from there when you need it.

    But since you specifically asked if this would be a safe approach, I think you will also find the following article useful:

    About 1Password security on Apple Watch

  • Thanks a lot for the answer and the clarification 😃

  • ag_anaag_ana

    Team Member

    You are very welcome @mglolmos! If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

  • Hello again 🙂

    It's not a question but is a clarification about the topic. I know that I can save the Secret Key in the Apple Watch but my doubt is:

    • From 1 Password Company would yo recommend to do it? or on the other hand, Secret Key should be handle like Master Password, so avoid to save it in Apple Watch because we know that it's less secure (even following all the security advices).

    Thanks a lot and sorry if it was already clear in your previous answer and I miss understood 😅

  • ag_anaag_ana

    Team Member

    @mglolmos:

    I have forwarded your question directly to our security team :+1: We will post back here as soon as we have an update :)

  • jpgoldbergjpgoldberg Agile Customer Care

    Team Member

    @mglolmos,

    I will get to your question, but I need to go over some stuff first, so please bear with me.

    Don't lock the backup key to a safe within the safe

    Before getting to the security the Apple Watch, I would like to point out that storing your Secret Key within 1Password does not help you if you are locked out of 1Password. The purpose of storing a copy of your Secret Key in a safe place is that you will be able to get back into 1Password if you lose all of the devices you have already set up for 1Password.

    So imagine you lose the phone that your watch is paired with. Will you be able to set up 1Password on a new device? So store your Secret Key in a way that your answer to that question is "yes". Or imagine if you lose your phone and your laptop on which you have already set up 1Password crashes, will you be able to get back into 1Password? These are some of the questions that you need to be asking yourself when deciding where to store it.

    What the Secret Key defends you against

    The primary purpose of the Secret Key is to protect you if our servers get compromised. We don't plan to be breached, but we have to plan for it. And that is what the Secret Key is all about. If someone gets hold of your encrypted data from us then they wouldn't be able to try guessing Master Passwords, as such guessing is useless and impossible without the Secret Key. (Your Master Password is your defense if someone gets your encrypted data from one of your devices.)

    So you can store it anywhere that you feel comfortable won't be available to people who might get your encrypted data from our systems. If you are afraid of governments who could get into your email (as well as steal data from our systems) then don't store it in your email. (I don't store mine that way, but you might be happy to.)

    Approaching an answer to your question

    When talking about data security, there are three important concepts: Confidentiality, Integrity, Availability (CIA). Confidentiality is about keeping the data secret from unauthorized people. Integrity is making sure that the data isn't tampered with. Availability is about actually about keeping the data available to those who are authorized to use it when they need to.

    So with this in mind, storing your Secret Key in 1Password in a note that is synced to your Apple Watch

    • is fine and dandy with respect to Confidentiality and Integrity
    • sucks donkey balls with respect to Availability for when you need it

    You need to keep your Secret Key confidential from those who might be able get at the data we store on our servers. You need to keep it available to you in the event that you are locked out of 1Password (and everything that you need 1Password to log into.)

    You need your Secret Key to be available when you are setting up a new device with 1Password to connect to your account, and you should consider the case when all of your other devices unavailable. So I strongly recommend paper as one way to do it. If you remember your iCloud password, then it will be available when you set up a new Apple device. If you remember your email password, then your email is an additional option, but your email is not nearly as secure against plausible attackers as the iCloud Keychain.

    And now you see why I can't give a definitive recommendation, though I can and have said that storing it on your watch doesn't make it available for when you might need it the most.

    For some people a printout in a desk drawer is fine, for others it is not. Perhaps for some people email might be an acceptable place, for others it won't. be. You might want to give a copy to family members to store somewhere. But these are decisions only you can make and will differ from person to person. I hope I have given you enough understand of what the goals are that you can now make informed choices, keeping in mind that the reason for saving a copy of your Secret Key is to ensure availability of your 1Password data.

  • Hello @jpgoldberg,

    Thanks a lot for so much detailed answer and good explanation!! This shows how much love you (1Password team) on the product 😁

    Now, I can understand much better the different between Secret Key and Master password, and make better decisions 🙂

    Thanks again!!

  • ag_anaag_ana

    Team Member

    On behalf of jpgoldberg, you are welcome @mglolmos! Let us know if you have any other questions :)

This discussion has been closed.