Use of and Support for Double-Blind Passwords

Ryan7hompson
Community Member

Good morning! I would like to know what 1Password can do from a development standpoint to actively support the use of 'double-blind' passwords.

For some of my more sensitive accounts, I have most of the password saved in 1Password, with a 4-6 digit secret code that I type before or add on to the end of the stored password. 1PW UI is good enough that it's not terribly inconvenient, but it would be pretty awesome if your team had some way to make this a feature of the service.

What I am imagining is a toggle on the password for 'double-blind' where the user could select to have a secret code prompt before/after the autofill feature for the password. The user would set the secret code length to be 4-8 digits (or maybe even 2-12?) and then 1Password would either autofill and wait for those additional digits to be entered -OR- wait for those additional digits to be entered and then autofill.

I am not advocating that 1Password store the secret code, just that an allowance for some manually filled digits be added.

Thanks for your time!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Thanks for the question here, Ryan. This is a bit of a complex subject, so my response here may get a bit lengthy, but hopefully this will end up helping. What you're referring to here is typically called "salting" your passwords. This is often done automatically without your knowledge when it comes to authentication-based systems. A given website or service will typically both salt and hash your password before storing any data on their end so that, in the event of some sort of security breach, that data is much harder for an attacker to recover.

    As you might know, 1Password mostly protects your data through the use of encryption, not authentication. So the rules are a bit different in our case. In the event of some sort of security breach on 1Password's end, an attacker may be able to acquire a "blob" of your encrypted data, but not the secrets used to decrypt or "unscramble" that data. Those secrets, your 1Password account password and your Secret Key, are known only to you. We don't have them, and because we're unable to decrypt and view your data, an attacker who acquires everything that we have would also be unable to do so. We're unable to grant someone else something that we don't have.

    If you're looking to manually salt the passwords that you keep within 1Password, you must be doing so under the assumption that your 1Password account and data may be compromised in some way. And so it follows that because a compromise on our end wouldn't lead to the disclosure of your data, the compromise that you're worried about must come from your end. There are multiple ways that something like that could play out:

    • Your device may be infected with some severe form of malware that can read what you type into 1Password or what comes out of it.
    • You may walk away from your device while 1Password is unlocked, allowing an attacker to physically compromise it.
    • You may share your Emergency Kit or otherwise publicly disclose both your account password and Secret Key at once.

    There are probably other scenarios, but let's start with these. Each of these scenarios has its own path to a compromise of your 1Password data, and in turn, each one has its own mitigation that's unlikely to be aided by manually salting the data within your 1Password vault.

    • If your device were infected with some severe form of malware, unless you were fully aware of it, you'd likely just continue to use 1Password and fill your data, salt and all, into the infected web browser or OS, leading to a compromise of both 1Password and the added salt. If you were aware of it, you're likely to discontinue the use of 1Password on that device. The additional use of an anti-malware solution might be wise to resolve this threat.
    • Walking away from 1Password while it's unlocked is mitigated by setting up an auto-lock timer with 1Password. Unlike adding salt, which can theoretically be guessed (especially if you're keeping it in your head), locking 1Password adds protection in the form of encrypting your data while it's not in use. Plus, it's automatic. Protection is much stronger through the use of auto-lock.
    • If you're concerned about publicly sharing your Emergency Kit or otherwise disclosing your encryption secrets, then adding two-factor authentication to your 1Password account may be for you. That would prevent even someone with both your account password and your Secret Key from logging into your 1Password account and accessing your data.

    The list sort of goes on like this. Every potential form of compromise, however small it may be, has some sort of mitigation, and that mitigation tends to be both more convenient and more secure than manually salting each of your passwords. I should also say that, if you don't trust that 1Password will keep your data safe, but you still choose to use it, then adding additional salt to your 1Password data is only useful if you keep that salt entirely out of the hands of 1Password. If we on the 1Password team were to add some sort of feature that allowed you to enter that salt into 1Password in any form, then it'd no longer be in your head alone, and a sufficiently compromised form of 1Password would still lead to the compromise of your data. So essentially, adding the feature that you've requested would likely defeat the purpose of you doing this at all.

    Overall, I think this is really going to come down to your personal preference. If you still feel that salting your data will somehow protect you against an impending threat, and that you're in more danger for not doing so, it's not like we're going to stop you. But aside from passing this along to the rest of the team for review as a feature request, I can't really guarantee that something like this will make its way into 1Password in the future. Hopefully that's understandable.
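
The two mechanisms discussed above, a site's server-side salt-and-hash of the password it receives and the poster's memorized code appended to a stored password, side by side as an added example. This is illustrative code written for this page, not 1Password's or any site's implementation; the stored part, the memorized code, the PBKDF2 iteration count and the record format are all constructed assumptions.

```python
import hashlib
import hmac
import os

# Assumed work factor for the server-side hash (a constructed example value).
PBKDF2_ITERATIONS = 600_000


def store_password(password: str) -> dict:
    """Server side: keep a per-user random salt and a PBKDF2-HMAC-SHA256 digest,
    never the password itself. A fresh salt means the same password stored
    twice yields two different records."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": PBKDF2_ITERATIONS}


def verify_password(password: str, record: dict) -> bool:
    """Server side: recompute the digest with the stored salt and compare in
    constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def compose_double_blind(stored_part: str, memorized_code: str, code_first: bool = False) -> str:
    """Client side: the 'double-blind' scheme from the original post. Only
    `stored_part` lives in the vault; `memorized_code` is typed by the user
    before or after it. The site only ever sees the concatenation."""
    return memorized_code + stored_part if code_first else stored_part + memorized_code


def demo() -> dict:
    """Walk through one account: register with the composed password, then
    check what verifies. All inputs are constructed sample values."""
    stored_part = "vault-stores-this-part-Xk9!"   # constructed: the vault-held portion
    memorized_code = "4821"                        # constructed: held only in the user's head
    full_password = compose_double_blind(stored_part, memorized_code)
    record = store_password(full_password)
    return {
        # The composed password is what the site hashed, so it verifies.
        "correct": verify_password(full_password, record),
        # The vault-held part alone (what a vault compromise yields) does not.
        "vault_only": verify_password(stored_part, record),
        # A wrong memorized code does not either.
        "wrong_code": verify_password(compose_double_blind(stored_part, "0000"), record),
        # Registering the same password again gets a new salt, hence a new hash.
        "same_password_same_hash": store_password(full_password)["hash"] == record["hash"],
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The server's salt only defeats precomputed-table attacks on its own hash database; it does nothing for the vault. The memorized code is what keeps the vault-held part from being a complete credential, and with a 4-digit code that is 10^4 candidate suffixes for anyone who holds the stored part, bounded only by the site's rate limiting (online) or the hash's iteration count (against a leaked database).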

  • Ryan7hompson
    Community Member

    Zatara, thank you for the comprehensive reply. I want to emphasize that I am not asking 1Password to store this 'salt' phrase - that would defeat the purpose as you pointed out. There are a variety of other ways that I believe this practice of 'salting' can add significant security for a user, for example, foreign travel (in addition to the travel mode that already exists), individuals stuck in an abusive domestic relationship, and for members of the press, law enforcement, and public officials who have a higher threat profile than an average user.

    I do appreciate your time, and thanks again for the excellent response.

  • Hey @Ryan7hompson:

    On behalf of Zak, you're very welcome! Thank you for your time and feedback that helps make 1Password even better! :smile:

    Jack
