Question about iCloud backups and 1Password
Hi!
With the new Apple Advanced Data Protection I started to think about how iCloud backups work with 1Password.
If a user were to use a 1password.com account and use that with 1Password on their iPhone, and that iPhone is backed up to iCloud, what would happen if that phone is restored from the iCloud backup?
Will it still be logged in and ready to go, or will it have all of it's app data removed and require to authenticate with the password and secret key again?
I truly hope it's the latter because the secret key should never leave the device, but I can't seem to find any information about it.
Comments
-
Hello @user12345! 👋
Good question! If you have iCloud Keychain enabled then, in order to make it easier to sign into your 1Password account on your Apple devices, 1Password will store an encrypted copy of the equivalent of your Emergency Kit in the iCloud Keychain. This includes your sign-in address, email address, and Secret Key. This information is encrypted and flagged in iCloud Keychain so that only the 1Password app can retrieve it. You can read more here: About your Secret Key
I believe that an iCloud backup of your device will contain a copy of the app and it's encrypted cache. You would be required to enter your account password to unlock the app after restoring the device.
I truly hope it's the latter because the secret key should never leave the device
The copy of the Secret Key that is stored in the iCloud Keychain is protected using end-to-end encryption. It never leaves your device in an unencrypted form.
-Dave
0 -
Thank you for clearing this up.
That's a bummer then. I would expect the secret key to never ever be synced to any cloud ever. I have no problem having to enter it again after restoring from a backup, and I feel much more secure having to do so because that means it's not synced anywhere.
0 -
Apple's iCloud Keychain is very secure. The data stored in the iCloud Keychain is secured using end-to-end encryption which means that no one, including Apple themselves, can see what's being stored there.
It's also important to remember that the Secret Key alone is not enough to access your 1Password account. Someone would need both your 1Password account password in addition to the Secret Key to log into your 1Password account and decrypt the data within it.
You can also enable two-factor authentication for your account to add additional security: Turn on two-factor authentication for your 1Password account
I hope that helps! 🙂
-Dave
0