New computer 1Password Setup with existing iCloud account

CGDaveMac
CGDaveMac
Community Member
edited July 2022 in Families

I just setup a new computer and was surprised to find out that I didn't need to authenticate 1Password with an existing device/Secret Key because I also signed in to iCloud on the new computer. I am guessing that 1Password Family accounts are storing account-specific information in iCloud instead of device-specific. Is this the case? I was initially not a fan of the subscription/cloud-based direction that 1Password went years ago, but was assured that a new device could not gain access to my 1Password data unless I confirmed it with my Secret Key.

Now that I know an attacker could gain access on a new device with ONLY a compromised iCloud account password, I am a bit weary.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • Laura_1P
    Laura_1P
    1Password Alumni

    Hi @CGDaveMac,

    Do you currently have any Standalone vaults synced with iCloud/Dropbox? A subscription account cannot be accessed on a new device without your Secret Key/Setup Code.

  • CGDaveMac
    CGDaveMac
    Community Member

    No I do not. I setup a new MacBook and was able to access all subscription account information without the key which is why I posted this.

  • Laura_1P
    Laura_1P
    1Password Alumni

    @CGDaveMac thanks for letting me know. Not sure what's happening, but we'll have someone from our team look into this. Please send an email to support+forum@1password.com with a brief description of the issue, and be sure to include the following:

    • A link to this thread
    • Your forum username

    You should receive an automated reply from our BitBot assistant with a Support ID number (eg. ABC-12345-123).

    Thanks so much. :)

  • CGDaveMac
    CGDaveMac
    Community Member

    I think I missed this, but I just sent the info as requested. I was reminded because I setup another brand new MacBook with iCloud and was able to log into 1Password without my Secret Key/Setup code.

  • Jack.P_1P
    Jack.P_1P

    Hi @CGDaveMac:

    Great, thanks, we'll take a look and get back to you via email!

    Jack

  • CGDaveMac
    CGDaveMac
    Community Member

    Thanks for the reply. I am a bit more comfortable after reading:
    https://1password.community/discussion/78865/question-about-new-feature-on-setting-up-new-accounts
    and
    https://1password.community/discussion/88612/secret-key-being-stored-in-icloud

    It's important that users have strong account passwords and Master Passwords.

  • Ben
    Ben

    Glad to hear it. :) And yes, we'd agree, both are important. They serve different/separate purposes. Your account password protects you from unauthorized access on your device, and your Secret Key protects you from unauthorized access in the cloud.

    Ben

This discussion has been closed.