Secret key stored in 1Password

yankee
yankee
Community Member

Should I be storing my secret key in my 1Password account? Is it safe if my password is hacked from an old password app?

Comments

  • ag_tommy
    edited January 2023

    @yankee

    If your account password is compromised then I would highly encourage you to create a new password. Assuming for a moment the account password is safe no one would be able to access the Secret Key inside your app. I would also recommend keeping a copy of the secret key outside of 1Password. If the only location is inside it's a lot like keeping the combination to the safe inside the safe.

    tl;dr It sounds as if you'll want a new account password to be completely safe. If I had this question I would create another. I would recommend looking into doing just that. Also if the password was compromised (even if remotely possible) I would very strongly recommend changing all of your individual passwords. Start with the most important ones like banking and then move forward changing all of them.

    This thread may help. https://1password.community/discussion/136325/data-at-risk-after-migrating-from-lastpass

    How to choose a good 1Password account password

  • yankee
    yankee
    Community Member

    Thanks for your advice. That’s what I’m thinking of doing. I have my secret key in two places in my app. One is the one 1Password creates but the other is in a secure note. I should delete that one as well, I assume.

    I’m assuming I’m pretty safe because the secret key is required to change the password and can only be accessed on my devices, but it never hurts to change passwords. I could also use 2 factor login, but that seems like a real pain

  • I have my Secret Key kept within 1Password for safekeeping (easy of access) but I also have mine stored locally in a floor safe and additionally at a relatives home.

    2FA for 1Password is only used for the initial linking. After that you'll use the password for access.

This discussion has been closed.