I think it is not a good idea to require a master password to login to my.1password.

Hiiragi
Hiiragi
Community Member

I am sorry if there are any strange parts because I am using a machine translation.

Currently, a master password is required to log in to my.1password.com, which we believe is a security risk.
I have confirmed that the master password is not being sent directly to the server.
However, if 1Password's server were to be compromised, the master password you are entering could be intercepted.

I do not need to decrypt the vault as I just want to check and change my subscription information etc. on my.1password.com.
Can you please make the master password unnecessary for non-vault operations or have a separate password for login?

Thank you.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • prickly
    prickly
    Community Member

    Isn't that what the secret key is for?

    Even if their servers are hacked, or a key-logging javascript is injected in the browser page somehow when you log in, the vault is encrypted not only by your master password, but with the secret key too.

  • Hiiragi
    Hiiragi
    Community Member

    Thanks for the reply.

    On the login screen, both the secret key and the master password are entered.

    It means that in the unlikely event that 1password's server is compromised, it could be a risk before the administrator is aware of it.
    I would like to reduce those risks if possible.

    There is also the risk that if a malicious browser add-on were installed, everything in the vault could be read.
    If there is no master password for the 1Password login (If do not decrypt the vault), then the only information that can be stolen is what you type within the browser.
    In the meantime, this can be circumvented by login in a secret window with no add-ons, but the hassle is left to the user.

  • Hi @Hiiragi

    Thanks for taking the time to start this conversation. I'm curious at to what you would envision as an alternative?

    What comes to my mind immediately is a 3rd secret that can allow access to the management interface without decrypting any items. The difficulty with that approach is that we have a difficult enough time with people forgetting their account password and/or losing their Secret Key, often resulting in irrecoverable data loss. Adding yet another secret to the mix without solving that problem feels like a recipe for disaster.

    Another improvement could be to include access to billing and other admin functions from within the client apps. This would reduce (but not eliminate) the likelihood of interference from a malicious extension. It would also give the user additional assurance that the code they are running is the code we've published, as the client apps are code signed. The difficulty here is that the engineering lift is significant, especially compared with the level of mitigation offered. It has been on the wish list for a long time. While I do hope we ultimately go this route, I don't suspect it is something that can happen in the short term.

    Do you see another way we could help minimize this?

    Ben

    P.S. Our 1Password Security Design white paper does touch on this subject. See appendix A "Beware of the Leopard" section.

  • Hiiragi
    Hiiragi
    Community Member

    Hi, @Ben

    Thank you for your reply.

    Is even the user's subscription information encrypted with the user key?
    For data that is not encrypted with a master password, I believe that a third password for login is required, just as for a typical website. ( Separate from the master password. )
    Ideally, after logging in in this way, the secret key and master password should be entered if the vault data is needed.
    But you are also correct that operationally it is a challenge.

    The second one, "include access to billing and other admin functions from within the client apps" is also very good because it reduces the risk as well.
    I am very pleased that this feature has been incorporated into the development task.
    However, if possible, I would like to see this worked on as a priority, not as a convenience feature, but as a security feature.

    1Password is security oriented and has the best security features I know of in a password manager.
    That is why I want to continue to use 1Password, so please implement that feature.

  • Itivu
    Itivu
    Community Member

    my.1password site should be able to authenticate and auto log you in if you are logged in via a browser extension. Why would that be hard to do? There should be no need to enter the master password and secret to that site directly.

  • Itivu
    Itivu
    Community Member

    No answer? It's should be possible to safely auto-authenticate a user without the user entering their credentials to my.1password website. This should be trivial (cryptographically).

  • Hey @Itivu

    With the current & upcoming winter holidays much of our staff is taking well deserved PTO, and so responses to suggestions/feedback will be limited. We are continuing to monitor though and will be sharing any ideas with the appropriate folks. I've noted your comments for the team to consider. I'm not in a position to comment on the feasibility of the idea, but I appreciate where you're coming from. Unless there are pitfalls to that approach, or it would be more difficult than you're anticipating, I think it is a neat concept. 😃

    Happy holidays.

    Ben

  • Itivu
    Itivu
    Community Member

    Thanks. There is already public and private key crypto 1Password is using. It would trivial to prove the user is legit by authenticating with the private key without the need for password.

This discussion has been closed.