What happens when you change your master password?

Hello,

When using 1Password subscription, what happens when you change your master password? My understanding is that for the desktop apps (and mobile apps) as well as the browser plugins a local database is stored somewhere encrypted using the master password and the secret key (?), when you change your master password will those local databases re-generated/re-encrypted with the new master password? Will the secret key also get updated when you change a master password?

Thanks!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_anaag_ana

    Team Member

    Hi @raphaelcp!

    Will the secret key also get updated when you change a master password?

    No, the Secret Key is a separate thing from the Master Password, so you will need to regenerate it separately if you wish:

    Regenerate your Secret Key

    I have sent your encryption questions to the security team, we will post back here as soon as possible :+1:

  • LarsLars Junior Member

    Team Member

    Hi @raphaelcp! Lars from the Security team here. The Secret Key is unaffected by Master Password changes; if you want to change your Secret Key, you must regenerate it separately (or have someone else in your account put you through the Recovery process.

    You're quite correct that local 1Password apps retain an encrypted cache of your 1Password data. This is how you're able to access your data even when you don't have an active internet connection. However, your 1Password data itself is not directly encrypted with your Master Password. Instead, the Master Password encrypts a MUK (Master Unlock Key), which is what encrypts the personal public/private keypair which in turn encrypts your actual data. When you change your Master Password (or regenerate your Secret Key), your underlying personal keyset does not change, but the MUK does. And yes, once you change your Master Password or regenerate your Secret Key, after your next authentication (sync) with the server, your local cache on each device will be synced using the new MUK that is encrypted with the combination of your new Master Password and Secret Key.

  • Perfect, thank you for the clarifications both!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file