Storing secret key (emergency kit)

When regenerating a secret key a emergency kit sheet is present with the secret key on it. I store this sheet (by uploading it to to one drive microsoft on my ios device). Sometimes I move it to some special vault in one drive with extra 2fa.
This sheet is seperated from my masterkey (stored in another place) and I have a copy of this secret key.

Is it ok to use a cloud storage for only the secret key?

If so is that secure enough or should I put it in that one drive personal vault as well?
Or is just storing into one drive secure enough?
( have some issues to uploading the secret key in one step from the moment the sheet of emergency kit is there. I often have to upload to one drive first and move it to the personal vault.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Referrer: forum-search:Storing secret key (emergency kit)

Comments

  • ag_anaag_ana

    Team Member

    @F_9083x:

    Is it ok to use a cloud storage for only the secret key?

    Yes it is ok, so you have a digital copy available anywhere if necessary.

    If so is that secure enough or should I put it in that one drive personal vault as well?
    Or is just storing into one drive secure enough?

    It depends on the risk of getting locked out from Onedrive. If you always have access to your authenticator app to enter the 2FA codes, you can also move it into the vault. Otherwise, it would be better to have it in your Onedrive account to be always reachable to you.

  • Someone from 1Password will surely add to what I'm about to say (and please do correct me if I'm wrong), but my understanding is that the purpose of the Secret Key is to protect your data in case 1Password's servers ("cloud") were to be hacked. The Secret Key provides a guarantee that no matter the strength of your Account Password (nee Master Password), the data stored on 1Password's servers is at least encrypted with a 128-bit key, i.e. the Secret Key.

    Because your data is encrypted with your Account Password in addition to the Secret Key, it's perfectly fine to store the Secret Key somewhere else, be it locally or on some other cloud server, as long as it is always accessible to you even if you can't log into 1Password, because you'll need it in order to log into 1Password on a new device.

    If you use the mobile app, 1Password in fact already stores your Secret Key in the cloud as a security precaution, because if you reset your mobile device and log into your iCloud or Google account and then proceed to install the 1Password app, you'll see that your Secret Key is pre-filled for you, and you'll only need to provide your Account Password. This implies you know the password to your cloud account, of course.

    Still, I'd recommend haivng a physical copy of the Secret Key stored somewhere safe like a safety deposit box or a trusted family member or friend, just in case.

  • ag_anaag_ana

    Team Member

    Correct @MerryBit, thank you for the additional information :+1:

  • sorry to hijack this discussion thread, as I also got a question re secret key, I know if we use a new device to login we need both secret key and master password, which I think is a great idea and secure way of protecting my data.

    However, if this situation arise let says I lost my phone in a foreign country hence I couldn't access to my 1Password account, nor my other cloud accounts as I need 1Password to unlock them and other devices that previously signed in to my 1Passwsord account are not with me, and the Emergency Kit doc that has my secret key is not with me either. For this situation I couldn't gain access to my 1Password account using new device in a foreign country as I don't remember my secret key and worst is all my online account passwords are generated and stored in my 1Password account, therefore I cant open my email account, cant access to any of my cloud accounts or social media accounts nor I can have access to my online banking, I literally cant do anything, as I rely on 1Password to unlock my online accounts. And I am in a foreign country that desperate needs help and cant return back home to retrieve my secret key. For this situation, how can 1Password support team do to assist me?

    or in other way if I am very unlucky that all my devices that previously signed in to 1Password account got stolen and I even lost my Emergency Kit doc, therefore leave me without my secrete key. How can 1Password support team do to assist me?

    Thanks.
    Piau.

  • BenBen AWS Team

    Team Member

    @Piau

    The only assistance we would be able to provide in such a scenario would be to highlight the various locations the Secret Key can typically be found: the Emergency Kit, the 1Password app on already signed-in devices, and iCloud Keychain if enabled. We have no mechanism for providing your Secret Key to you or resetting it. We do not have your Secret Key, and we can't give you something we don't have. Additionally because the Secret Key is used to encrypt your data, it is required to decrypt that data.

    Additionally in this scenario I would note that we would not be able to discuss any specifics of your account with you. If you cannot receive email at the address associated with your account, we cannot discuss details related to that account. One possible exception to that rule would be if you could not provide email verification, we could assist in cancelling the subscription, if you were able to provide the details of the payment method tied to the subscription.

    If this is a scenario you can envision yourself in, I'd encourage you to find other ways to carry your Secret Key with you. For example, as a possibility I recall being discussed in a previous thread, print and laminate the Secret Key and store that in your shoe beneath the insert. I thought that was a rather creative idea. It seems unlikely that one would lose all of their devices, their Emergency Kit, and their shoes all in one go, and not have significantly larger problems than not having immediate access to 1Password.

    In the very worst case scenario: it seems storing a copy of your Secret Key with a friend/family member or in a place where a trusted person could access it, and you could reach that person by phone, might also be an acceptable mitigation.

    Ben

  • To add, I am the family organizer of my family account. I keep my secret key within 1P (plus hard copy) because the browser sometimes forgets it. My question is does every member have their own secret key? I've never thought about this before. I may keep a copy of their secret keys within my 1P & theirs (plus hard copies of course) since they aren't very techie?

  • ag_anaag_ana

    Team Member

    @schrino:

    My question is does every member have their own secret key?

    Yes, every member has their own Secret Key.

    I may keep a copy of their secret keys within my 1P & theirs (plus hard copies of course) since they aren't very techie?

    That would be a good idea :+1:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file