What happens if I delete my secret key in local storage?
In the Security and Privacy page, it said "Your Secret Key was created on your own device. We have no record of your Secret Key and can’t recover it." So what happens if I manually delete my secret key in the local storage? Does 1Password have a record of my secret somewhere in the database so that it can verify the correctness when I log in? If so, why does it say 1Password never has a record of my secret key?
Comments
-
Hey @Kevin234234:
Great question! Your account password and Secret Key (other than the first 6 characters which we know as an identifier) are never shared with us: About your Secret Key
When you create your 1Password account, your Secret Key is generated locally on your device, and then saved into the 1Password account Login item saved in your 1Password account. As a real-world example, this is like keeping a key to a safe, inside the safe itself. There's no way to use the key stored inside the safe, unless you can unlock the safe itself.
When you authenticate to 1Password (for example when you add your 1Password account to the app on a new device), not even your account password is transmitted over the network. We use a protocol called Secure Remote Protocol, and have talked a bit more on how it works here: https://blog.1password.com/developers-how-we-use-srp-and-you-can-too/
Let me know if that helps explain things, or if you'd still like me to clarify things!
Jack
0 -
1Password never has your secret key, period. The entry you see in your vault is a copy created for your convenience by the 1Password application during account setup. It is available only to you and is never sent to 1Password's servers. If you delete it, nothing bad happens--1Password will continue to work the same as always, and your account password will not be affected in any way.
However, keep in mind that when the day comes where you need to set up 1Password on a new device, you are going to need the value of the secret key, i.e. the 34 letters and numbers, separated by dashes. The secret key is also part of the Emergency Kit, and I strongly urge you to print that out if you haven't done so already, and keep it somewhere safe.
Some pointers to 1Password's docs about the role of the secret key and the Emergency Kit here:
https://support.1password.com/secret-key-security/
https://support.1password.com/emergency-kit/
Hope that helps.
0 -
Thank you for answering. I understand that my secret key is never shared. What I don't understand is when you said my secret key is "saved into the 1Password account Login item saved in your 1Password account." Doesn't my 1Password account information need to be stored in a database somewhere so that it can be synced when I log into a different device? Therefore my secret key is saved along in the same database? I'm just really confused on how 1Password can verify the correctness of my secret key without knowing it.
0 -
Hi @Kevin234234:
Thanks for following up! We never see your data in an unencrypted form. Using the Secure Remote Protocol I linked to above, our servers verify you're supposed to have access to your data, the 1Password app then receives the encrypted data, and it is then decrypted locally on your device when the 1Password app is unlocked. When you add a new item to your 1Password account, it is encrypted using your account password and Secret Key, and then and only then is it sent to your other devices, which repeat the process of decrypting the data.
To be 100% clear, your Starter Kit item containing your 1Password account's email address, sign in address, Secret Key, and account password is a regular item, just like any other, encrypted and inaccessible to us.
Jack
0
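How a server can check a login that depends on the account password and Secret Key without holding either one, as an added example that is not part of this thread and not 1Password's code: an SRP-6a-style exchange in which the server stores only a salt and a verifier. The key derivation in `derive_x`, the demo group (2**521 - 1 with generator 3) and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Demo group (assumption): 2**521 - 1 is prime, but it is not a vetted SRP group.
N = 2**521 - 1
G = 3
WIDTH = 66  # bytes needed to hold any value below N

def H(*values):
    """Hash integers (fixed width) and byte strings (length-prefixed) to an integer."""
    h = hashlib.sha256()
    for v in values:
        data = v.to_bytes(WIDTH, "big") if isinstance(v, int) else v
        h.update(len(data).to_bytes(2, "big") + data)
    return int.from_bytes(h.digest(), "big")

K = H(N, G)  # SRP-6a multiplier

def derive_x(password, secret_key, salt):
    """Client-only: mix both secrets into the private exponent x (illustrative KDF)."""
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return H(hmac.new(secret_key.encode(), stretched, hashlib.sha256).digest())

def enroll(password, secret_key):
    """Runs on the device; only (salt, verifier) is sent to the server."""
    salt = secrets.token_bytes(16)
    return salt, pow(G, derive_x(password, secret_key, salt), N)

def login(password, secret_key, salt, verifier):
    """One login, both sides in one function; returns True if the server accepts."""
    a = secrets.randbelow(N - 2) + 1          # client ephemeral secret
    A = pow(G, a, N)                          # client -> server
    b = secrets.randbelow(N - 2) + 1          # server ephemeral secret
    B = (K * verifier + pow(G, b, N)) % N     # server -> client
    if A % N == 0 or B % N == 0:              # both sides reject degenerate values
        return False
    u = H(A, B)
    # Client: recompute x from what the user typed, then the shared secret.
    x = derive_x(password, secret_key, salt)
    s_client = pow((B - K * pow(G, x, N)) % N, a + u * x, N)
    # Server: same secret from the stored verifier; it never sees x.
    s_server = pow(A * pow(verifier, u, N) % N, b, N)
    # Client sends a proof of its secret; server compares it with its own.
    return hmac.compare_digest(H(A, B, s_client).to_bytes(32, "big"),
                               H(A, B, s_server).to_bytes(32, "big"))
```
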