Secret Key recovery

markyf004
markyf004
Community Member

I don't know if this is the right place for this but the device where I installed the app was stolen. I'm trying to set it up on a new device but the problem is the secret key. I know the email I used and the master password but not the secret key.

Unfortunately, the email password is in the app as well and the emergency kit is on the cloud of that email account which I have no access to.

Is there any alternative to getting a secret key with just the email and the master password?

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @markyf004!

    Sorry to hear about your device. Was that the only device where you were using 1Password? If you have the 1Password app installed on another device (Mac, PC, or mobile device), you will be able to see the Secret Key in there:

    Find your Secret Key in the 1Password apps

  • markyf004
    markyf004
    Community Member

    Hi @ag_ana yeah it's unfortunate. But I've only ever installed it on the Android device that was stolen. Right now I'm at a loss.

  • ag_ana
    ag_ana
    1Password Alumni

    @markyf004:

    Do you have your email account setup on another device at least, where you can receive emails? If you do, you could recover your email account password, so you could access your Emergency Kit after resetting your password there.

  • markyf004
    markyf004
    Community Member

    Hi @ag_ana sadly no. The phone and laptop I was using where my email is saved/logged in where all stolen. I'm really not sure where to go from here.

  • @markyf004

    Is this an individual membership, or a 1Password Families membership? If it is a 1Password Families membership, another Family Organizer may be able to assist you:

    Recover accounts for family or team members

    If this is an individual membership it sounds as though the only chance of recovery here would be to contact the cloud provider where you stored your Emergency Kit to see if they can help you recover access to that account. Without your Secret Key, it would not be possible to access your 1Password data.

    I do apologize for the situation and hope one of the paths outlined above will be fruitful.

    Ben

  • markyf004
    markyf004
    Community Member

    Hi @Ben it's an individual account. I figured I'll have to try to recover my cloud access. If that's not possible, is there any way to cancel the subscription without signing in to the account?

  • Absolutely. If you are billed directly by us, our billing team can help with that via email. Please use https://support.1password.com/contact/ and select "I have a question about billing" to get in touch with them. If you are billed by a 3rd party (Google, Apple) you can cancel with them:

    Ben

  • kram5819
    kram5819
    Community Member
    edited August 2021

    Marky,
    You might benefit from this advice >>>>>I use an app called color note, you can lock your notes with a password & ColorNote automatically syncs notes once a day, and also you can manually sync your notes. Your notes are encrypted with the AES standard before being uploaded to the cloud storage. AES is the encryption standard that banks use to secure customer data.

    I use 1password to autofill my log in to color notes, so that gives me the ability to use a random password that no one can guess to "unlock my note">> 434g%^&svb)-svhrhesc!!@34fsf <<< love these long uncrackable passwords and what's better is now 1password seems to have fixed the autofill issues with android.

    Of course this >>> 434g%^&svb)-svhrhesc!!@34fsf <<<< is NOT a password I made it up, BUT it is equally as tough.

    Marky just a suggestion>>>>>>>>>>>>> but buy a spare mobile device you can get them for 50 bucks or so, and put your 1password info on that in case you ever lose your main device, or it gets stolen. That way you can get back in & have your secret key password and all your important info.

    Color note is great, I have used it for years I store my secret key there as well in Bitwarden as a back-up in case 1password ever had issues.

    Another great option is Mega storage, I also have my "stuff" there it's great Mega storage attracts customers due to its approach to security. Mega uses end-to-end encryption. All files that are uploaded to MEGA's servers are encrypted on the side of the client,

    The platform is totally end-to-end encrypted, which means not even Mega can make any sense of your data. Mega takes privacy and security seriously.

    If you are concerned about security with color note, You can also put your secret key in the notes and not add a label to it so no one but you would know what it is.

    Hope my advice is helpful.
    I know getting locked out, or losing a device stinks, this is just my 2 cents worth to help, so you will always have access to "your stuff" and not get stuck with no way to access your important things again.

    I hope this helps.

  • ag_ana
    ag_ana
    1Password Alumni

    @kram5819:

    I use 1password to autofill my log in to color notes, so that gives me the ability to use a random password that no one can guess to "unlock my note"

    The problem in this case is that if 1Password itself is not accessible, such as in this case, using other cloud storage services would not help if the Secret Key is lost, and you have no way to access your passwords to login to them. However, this is a good suggestion:

    Marky just a suggestion>>>>>>>>>>>>> but buy a spare mobile device you can get them for 50 bucks or so, and put your 1password info on that in case you ever lose your main device, or it gets stolen. That way you can get back in & have your secret key password and all your important info.

    Having your 1Password information on a separate device is indeed the best way to access your information and your account credentials :+1:

  • kram5819
    kram5819
    Community Member
    edited August 2021

    The problem in this case is that if 1Password itself is not accessible, such as in this case, using other cloud storage services would not help if the Secret Key is lost, and you have no way to access your passwords to log in to them<<< this is the point here, IF you have your secondary device and have your secret key & password "saved" >>locked<spare< device you then HAVE your sign in credentials and can use them to get into your device if you either forgot what it was, OR had to get a new device because the original device was lost or stolen. All you need to do is get into your ColorNote THAT YOU HAVE IN YOUR """SPARE"" DEVICE and get your password and your secret key that you have stored in your color notes, you're good to go.

    The problem in this case is that if 1Password itself is not accessible, such as in this case, using other cloud storage services would not help if the Secret Key is lost<<<<<<<, The whole idea of using color note or Mega storage, you'll know where it is.

  • ag_ana
    ag_ana
    1Password Alumni

    @kram5819:

    IF you have your secondary device and have your secret key & password "saved" >>locked<spare< device you then HAVE your sign in credentials and can use them to get into your device if you either forgot what it was, OR had to get a new device because the original device was lost or stolen. All you need to do is get into your ColorNote THAT YOU HAVE IN YOUR """SPARE"" DEVICE and get your password and your secret key that you have stored in your color notes, you're good to go.

    If, as you say, you have your secondary device with your Secret Key and password that you can access in the 1Password app, what would be the benefit for the original poster to use ColorNote on that device?

    The whole idea of using color note or Mega storage, you'll know where it is.

    The original poster knows where this information is (on the cloud storage of their email provider), so that is not the problem in this case :+1:

  • kram5819
    kram5819
    Community Member

    What would be the benefit for the original poster to use ColorNote on that device?<<< it sounds like the OP did not have a back-up device. So, IF they had a spare mobile phone >>a smartphone<<< and had color note on there, all they would need to do is get in their color note open the note that has their secret key / password on it for example

    lets say here is their note in color note

    MY LOG IN FOR 1PASS
    they click the above

    and then can see this below

    password et4frwyjrbrnh855%&ew1xv_
    secret key 43453;-6663-gh7-347-ffbBB

    Then just type it in their new device and BAM.... there back in...

    it is a great idea, and it works!!

    I love color note because Your notes are encrypted with the AES standard before being uploaded to the cloud storage. AES is the encryption standard that banks use to secure customer data.

    And you can safely store your info in there and KEEP A SPARE DEVICE for the """just in case"

  • [Deleted User]
    [Deleted User]
    Community Member

    @kram5819 I can see how this is convenient, but it bypasses 1Password strongest feature: its security. Passwords stored in 1Password will be no more secure than if they had been stored in ColorNote. You are in effect trusting the security of all your passwords to ColorNote.
    How are ColorNotes' encryption keys controlled? Are they derived from a password that only you know and which stays local on your device? If so, how strong is that password, how is it stored and how do you access it when unable to access 1Password?
    Installing 1Password apps on an additional device avoids creating backdoors in 1Password's security and avoids the risk of being locked out of ColorNote because its password is stored in 1Password.

  • kram5819
    kram5819
    Community Member
    edited August 2021

    You are missing my point

    That is to have another secure encrypted source to get into 1password. Using color note is no different than having both a laptop and mobile device, both with 1password on each one.

    If I understood the OP they had only 1 device, and it was lost/stolen soooooooo gone was all their info. To avoid that, I recommend having at least 2 sources to have all your info available to you so you can get back in.

    In my case, I have 3, I have a laptop with 1passwod (Chromebook) and also my android smartphone. I also have color note as my 3rd place to get my 1password info, so I can avoid being locked out because I lost my device.

    IF for some reason I can't get into 1 device, I can get in the other thanks to having my 3rd option>>> color note.

    For example>>>> let's say it's my mobile device that's missing, I also have color note on my laptop, so I can get into my laptop get into my color note copy and paste my secret key and password and log back into 1password.

    This way, should I forget my password/secret key. It is available with colornote as my 3rd option as my backup to NOT get locked out.

    You can lock a note with a master password. Nobody will be able to access it without the master password. Even you cannot open it if you forget the master password.

    If you sign up for online backup service, your notes will be backed up to the cloud storage. Then you can get access to your notes from other mobile devices. Therefore, you can easily transfer your notes to a new device when changing devices. Even when you lose a device, you can restore the notes backed up to the cloud storage.

    ColorNote automatically syncs notes once a day, and also you can manually sync your notes. Your notes will be encrypted with the AES standard before being uploaded to the cloud storage. AES is the encryption standard that banks use to secure customer data.

    Again, this is just "another way" to be sure you don't get locked out. IF you have only 1 device say a mobile phone & you lose it, gone is all your login information this is why at the VERY LEAST, I recommend having a "spare" mobile device that has 1password on it so if you lose one device, you STILL have the other as a way to get back in should you lose your one and only device with all your information on it.

    For me and my peace of mind as mentioned I have 3 and am very good at being sure 2 fa is on and I don't get locked out. Things happen & I try to plan on that so getting "locked out:" will be less likely to happen.

    I also have a .csv file I update monthly (I am sure to encrypt it)

    that .csv file has ALL my passwords, safe notes & other information that is stored in my Mega account BUT as I mentioned I encrypt it so even IF someone got past my 30 character master password then got into my mega account they would then need to get past my authy 2fa that I have set up.<< good luck with that!!

    BUT IF they managed all that and got in, the .csv file that has all my passwords and information would be useless as it is encrypted. So all my stuff would look like the gibberish below >> the crook would have "nothing but gibberish."

    ..bht4gji3rgor3rbr3pb3rg3rg4tgh4ghhg4hg9gth9thu9htbh9t4bbbtb4ththtbyb.bht4gji3rgor3rbr3pb3rg3rg4tgh4ghhg4hg9gth9thu9htbh9t4bbbtb4ththtbyb
    .bht4gji3rgor3rbr3pb3rg3rg4tgh4ghhg4hg9gth9thu9htbh9t4bbbtb4ththtbyb
    .bht4gji3rgor3rbr3pb3rg3rg4tgh4ghhg4hg9gth9thu9htbh9t4bbbtb4ththtbyb
    .bht4gji3rgor3rbr3pb3rg3rg4tgh4ghhg4hg9gth9thu9htbh9t4bbbtb4ththtbyb
    .bht4gji3rgor3rbr3pb3rg3rg4tgh4ghhg4hg9gth9thu9htbh9t4bbbtb4ththtbyb
    .bht4gji3rgor3rbr3pb3rg3rg4tgh4ghhg4hg9gth9thu9htbh9t4bbbtb4ththtbyb
    .bht4gji3rgor3rbr3pb3rg3rg4tgh4ghhg4hg9gth9thu9htbh9t4bbbtb4ththtbybvfetwebh5yuj7u7i8ki75i7k7i56um5y46h5h5j5j77

  • kram5819
    kram5819
    Community Member
    edited August 2021

    It is a good idea to have 2 devices that have 1passworrd on them, even if you only use 1 at least you have a back-up way to get in.

  • [Deleted User]
    [Deleted User]
    Community Member

    @kram5819 I understand the need and I have backups of my 1Password credentials, I just wouldn't trust something like ColorNote because the security model is undocumented and certain to be weaker than 1Password.
    I would use a dedicated password manager that saves your passwords in a local database like Keepass. The database can be sync'd across your devices using a service like mega, so that it is double encrypted when in transit and when stored in the cloud. You can also use it to import your monthly CSV backups.

  • kram5819
    kram5819
    Community Member
    edited August 2021

    RootZero,
    We all have different ways of doing things, I get that, yup. I am glad we can all be helpful on the forum & I respect your opinion. To add, Color note is very secure and , ColorNotes security model is documented and certain and not weak. They have been around a long time.

    ColorNote has a 4.5-star review on Google Play, from more than 1.5 million reviews – including more than 1.1 million 5-star reviews.

    The security I like with color note is similar to 1password in that once you use your password to get into your color note, any that you have locked need another password & mine is different than my login password to color note, so it is similar to the "secret key" with 1 password. You cannot see my locked color notes without that "other password" the thing is, though, don't forget your password. ColorNote doesn’t have an option to find the master password. This is to prevent others from accessing your locked notes. Even color note cannot find your master password. ColorNote places heavy emphasis on security.

    I am certain they have what it takes to be extremely secure, but that's just me, :) What ever works for you is most important.

  • Thanks for all of the input here folks. Let's try to re-focus the conversation around 1Password though, please. :)

    Thank you!

    Ben

  • VessV
    VessV
    Community Member

    "If I understood the OP they had only 1 device, and it was lost/stolen soooooooo gone was all their info. To avoid that, I recommend having at least 2 sources to have all your info available to you so you can get back in."

    1 of those sources can be the emergency kit like 1Password recommends, and avoid screwing around compromising security with another cloud app, which itself needs a method to avoid being locked out so you're either at risk of losing THAT password, or need a 3rd app to store it, and a 4th app to store the 3rd app's password, and a 5th app to store the 4th's...

  • Yes; great point about the Emergency Kit, @VessV.

    Ben

This discussion has been closed.