Security Concern- Secret Password not needed
I'm evaluating 1Password and have a concern/question. I understand the secret password provides extra security, in that one can't access or decrypt my data with just my username and password. However, when I install 1Password on my iPhone or iPad and enter only my username and regular password, I have full access to my data. So, I don't see how I'm getting any additional security because of the "extra layer" of protection. What am I missing? I had assumed that when I logged into 1Password for the first time in the app, I would need to enter or scan the secret password, but it isn't needed at all. Thank you.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Comments
-
Hello @RandalHun! 👋
Have you already added your account to one of your Apple devices in the past? If you have then encrypted copies of your Secret Key are stored in your device keychains to provide data loss protection. If you have iCloud Keychain turned on then this encrypted copy of your Secret Key is synced to all of your Apple devices and you can add your account to a new Apple device and unlock 1Password with just your account password.
You can read more here: About your Secret Key
I hope that helps! 🙂
-Dave
0 -
Thank you. Yes, I had previously added my account to my Mac. This would explain why I didn't have to add the secret key manually to the iPhone/iPad.
0 -
0
-
This is a very elegant solution, and it balances strongly protected encryption with convenience.
0 -
0
