secret key and database cache on the same device

vitovito
vitovito
Community Member
edited March 2021 in Lounge

Do i understand right, that if i lose my windows laptop with 1P installed on it, the only protection i have is my master password, as both database cache and secret key are stored on the laptop and are not separatable?
There is no option to store secret key on another location, not on the laptop itself?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • [Deleted User]
    [Deleted User]
    Community Member
    edited March 2021

    @vitovito Your Master Password and Secret Key protect your database on 1Password's servers. Your Master Password and device security protect your database on your device. Your Secret Key is required to open your database, so it is stored on devices where your database needs to be opened. A Master Password of 16-20 random characters which is not based on dictionary words, common phrases or previous passwords is essentially unbreakable. However, if you are concerned about your device security then you can use a strong device password and enable storage encryption where this is available.

  • vitovito
    vitovito
    Community Member

    Thanks, @missingbits.
    So why not allow to store secret key apart from database cache, on usb flash, for example?

  • Lars
    Lars
    1Password Alumni

    @vitovito - the Secret Key isn't designed to offer extra protection for your data on your own device. It's designed to protect you if we get hacked. Of course we take significant, multi-layered measures to ensure that never happens, but that wasn't enough. We wanted to add a lengthy string (the Secret Key) to your (hopefully already long and strong) Master Password, so that if someone ever does manage to steal users' encrypted data from our servers, it's computationally infeasible to decrypt it.

    On your own device, the Master Password is what protects your data, just as it has always been with locally-installed 1Password apps. Your Secret Key is required the first time you sign into a 1Password account in a new app/device/browser, but after that it is stored locally to keep you from having to enter this long, difficult-to-remember string in addition to your Master Password. If we didn't store it locally, not only would you need to enter it in addition to your Master Password each and every time you unlock, but also, if you ever lost the Secret Key, most of these ways of locating it would be unavailable to you.

  • vitovito
    vitovito
    Community Member
    edited March 2021

    @Lars, thanks, I understand your logic.
    But i feel somehow unconfortable, when you mean solely my Master password is strong enough to protect my dadata if they are stolen from local machine but not strong enaugh to protect my data if they are stolen from 1P site.
    Why not to give me on option to store keyfile separately from local database in the case of laptop client?
    Or you think that will create too many cases when people lose it?

  • plttn
    plttn
    Community Member

    @vitovito not a 1Password employee.

    I believe the internal logic of the Secret Key is that if your laptop is stolen, the attacker is probably not a nation state, and probably isn't too aware of 1Password. If 1Password servers were to ever get compromised, the attacker makeup is drastically different (significantly more resources, obviously knows about 1Password), and as such, the security needs are a bit higher than a single user of 1Password.

    It's not that a secure master password is insecure, it's just that the level of compromises that it would take to get to "1Password servers compromised, all encrypted vaults are now in the hands of an attacker" implies that the attacker(s) are both highly motivated and skilled, with resources to bear behind them.

  • Lars
    Lars
    1Password Alumni

    @vitovito - yes, exactly. If we enable an option, people will use it. And many of those people will not be as conscientious as you sound like you would be. Losing Secret Keys is already a problem, especially for people with Individual 1Password accounts who do not have teammates or family members who can help them out by recovering their account. Adding another way that makes it much easier to lose/destroy a Secret Key and be permanently locked out of one's own data just isn't something we have any plans to do right now.

    plttn also has an excellent point in that the threat profile is quite different between someone who typically would be likely to come into possession of a stolen/lost phone or laptop, and someone (or some group) who might be trying to hack into our servers. In the latter case - which, I will repeat, has never yet happened - an attacker able to penetrate our defenses might be able to acquire multiple encrypted blobs of user's data which they could then attempt to run advanced cracking rigs on at their leisure. Someone finding your laptop in the airport coffee shop is probably more likely to turn it in to lost and found it as they are to try to steal your data. Adding the Secret Key to your Master Password in that case makes it ages-of-the-universe unlikely that a brute force attempt will be successful.

    In the loss/theft scenario, with today's methods of remotely wiping both mobile devices and laptops, it just isn't likely that someone malicious would be able to

    1. crack your device password
    2. locate your 1Password database and extract it to another medium like a USB flash drive and
    3. remember to find your Secret Key on disk and save that as well,

    ...all before you wiped the hard drive remotely. And it gets even less likely if you use full disk encryption (FDE, such as FileVault on macOS).

    Remember, 1Password existed as a local application long before we created the 1password.com server-backend where Secret Keys are used. From 2006-2016, when all 1Password data was protected only by the user's Master Password, we know of no cases of a user's encrypted data being successfully brute-forced after the theft or loss of a device - or any other time. The point here is: choose a good Master Password. It is your last and strongest line of defense in all cases. The Secret Key is a wonderful addition to the security of your data, and 2FA can be helpful in limited circumstances. But your Master Password has always been and remains the most important part of your 1Password security.

  • jmjm
    jmjm
    Community Member

    (An 'impressive' summary post @Lars, expanding on, as usual, @plttn concise and precise reply...thanks to you both)

  • ag_ana
    ag_ana
    1Password Alumni

    On behalf of Lars and plttn, you are welcome @jmjm :)

This discussion has been closed.