Double verification for certain items
Comments
-
One thing all password managers have yet to implement is a per-item client-sided encryption mechanism using a password/key completely unbeknownst to the password manager itself.
Let me explain what the feature would look like first.
The feature would essentially allow users to make an item "password protected", but this password would not be their account's password nor their account's secret key, it would be a password of their choosing unique to that item. Said password would then be used to encrypt the item's data.
On 1Password's side, the (client-side encrypted) item would be encrypted again using the existing mechanism, the difference being that unlike with normal items, the items that are password-protected are encrypted on the client side, which means they would not be compromised even if somebody else gained access to a user's 1Password account.
This would allow users to protect very sensitive items and make it significantly harder for a malicious actor to gain complete access to a user's information even in a scenario where they gain physical access to a user's device or if 1Password is ever breached.
These items would of course be impossible to recover should the user forget the item's password, as such, it may be a good idea to hide the password protection unless a setting enabling the feature is toggled by the user with a warning mentioning the risk of forgetting their password.
When a user would try accessing the item, they would always be prompted to enter the item's password.
This would be useful for securing the following types of items:
- Bank account credentials
- Credit cards
- TOPT (while I agree with some of the points made in https://blog.1password.com/totp-for-1password-users/ and I have hardware security keys for accounts I want true MFA on, it is an undeniable fact that if the feature exists, people will use it, even if it's not always the best decision, and a malicious actor with physical access to a device in which the user is already authenticated on 1Password with would allow them to do a lot of damage)
- Important credentials, such as the 1Password's credentials that are added automatically upon account creation as part of the "Starter Kit"
Right now, the only alternative I have is to create a "Document" item and upload a password-protected archive, but that's not the most portable or ideal solution.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided0 -
Hello @TwiN! π
Thank you for the suggestion! All of the items in your 1Password account are already protected with end-to-end encryption using a private key that is derived from two secrets that 1Password does not know: your account password and Secret Key. All that we see on our end are encrypted blobs of gibberish. You can read more about what we know and don't know about users here: What we (donβt) know about you | 1Password
This means that no one but you can decrypt your information.
On 1Password's side, the (client-side encrypted) item would be encrypted again using the existing mechanism, the difference being that unlike with normal items, the items that are password-protected are encrypted on the client side, which means they would not be compromised even if somebody else gained access to a user's 1Password account.
I'm not quite sure what you mean. All of your items are already encrypted on the client-side (on your local device) before they ever leave your device. Can you expand a little further about what specific threat model you're trying to protect against? In what scenario would an attacker gain access to both your account password and Secret Key but not a third password for specific items?
-Dave
0 -
Hello @Dave!
By default, when you create a 1Password account, an entry "1Password Account" is created with the tag "Starter Kit".
This entry contains:- Your 1Password password
- Your 1Password secret key
Let's say somebody gained access to your computer or your phone, and your account was unlocked.
They would effectively have access to everything they need.
LastPass had a feature to protect against this which was basically an optional checkbox on each entry labeled "Require master password re-prompt", which, if enabled on a specific entry, forced the user to re-enter the master password (even if you had already logged in) to view the item's details.
This would make it so even if a user gained physical access to your account, they'd have to re-enter your password (which they do not know). Securing very important logins (e.g. 1Password Account, bank account, private documents, etc.) would be an excellent way to ensure that physical access to a device does not guarantee access to every logins.
This may seem like a stretch, but given how many phones are stolen every year, it's not that unusual.
Anyways, what I was suggesting was implementing something similar to what LastPass has (per-item configuration that lets users configure whether password should be re-prompted to view the credentials), but while allowing users to set an arbitrary password.
To be honest, the per-entry password suggestion can be ignored, but the ability to require master password re-prompt on items of one's choosing would be a very welcomed security feature.
0 -
Hello
I have been testing the family plan for some days and there is a ton of things that I like.
But, I don't understand 1Password's constant denial position about the topic of the usefulness of a master password or biometric reprompt (double verification) for eligible items.
I have been following the support and discussion channels about the service (in this website, Reddit, Twitter, Facebook) for a long time and this is something that gets asked quite often by users.
I understand perfectly that this is not something that is going to protect vault contents against a professional cyber attack executed locally on the machine, but protecting against this has never been the point of this feature. The point is to have an extra barrier of protection on your most critical items in case you forget to lock your OS. Who hasn't been in that situation?
Let's say you are alone at home and go to the bathroom. Being alone in your own house you aren't thinking that someone is going to enter, it is easy to forget to lock your PC / Mac at that moment. Suddenly, your kids or partner enter the house. They will have a moment to easily access information from one of the sensitive items stored in 1Password, like your master password, secret key, credit card number or content in a Secure Note. Neither your kids nor your partner are NSA operatives that are going to be able to breach your machine to extract your 1P master password from a memory dump, but anyone that uses the unlocked PC/Mac at that moment can access sensitive info under a situation like this. A simple master password or biometric reprompt is enough to stop this from turning into a bad situation for you and will keep your sensitive items where you have decided to use this option out of their prying eyes.
Do you really think that every other respectable password manager out there is wrong in implementing this, or that all of them are putting their customers at risk engaging in a dangerous "security theater" as I have seen this called by 1Password team members in many threads about this topic in the past?
This is something really trivial for the devs to implement and isn't going to hurt anyone. The option could be easily accompanied by an explanation-text like the one you use beside the already implemented Watchtower option if you really think that this could give a false sense of security to a minuscule portion of 1P users. That text says today "This feature may pose a small risk to people that reuse similar passwords". This small risk hasn't stopped you from implementing the option to use Watchtower, isn't it? "Options" is the keyword here, please let us have the option of a master password / biometric reprompt and if you want, just explain the risks, as every other good password manager on the face of the earth already does in 2023.
Thank you for your time.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Ventura
Browser:_ Chrome0 -
This content has been removed.
-
2FA recovery codes are not something you use very often. I don't see the need for another password.
You already have password in you computer and phone then another password for 1password app..And your asking for another password?
Why not just zip it and attach.0 -
Thank you all for the feedback. While I can't promise anything, I've passed along your comments and requests to the product team. π
-Dave
ref: PB-31047550
ref: PB-310476490 -
A simpler example: I have a screen time app called ourPact to which I log in to give my daughter extra screen time.
My daughter knows my phone passcode, which on the whole Iβm fine with as it allows her to check things and use apps which are on my phone.
Knowing my passcode however gives her access to 1Password passwords as it is the fallback for faceid so she can give herself more time whenever she finds my phone unguarded!
Having the ability to set an additional passcode/password for certain items would add this extra layer of security for these scenarios. Apple screen time does this by having a separate passcode to your regular phone one just for screen time.
0 -
Just to continue, I think a re-prompt requiring master password would work for this as the other poster said, as it is independent to computer passwords/phone passcodes
0 -
Knowing my passcode however gives her access to 1Password passwords as it is the fallback for [Face ID]
If Face ID doesn't work to unlock 1Password, it'll fall back to asking for the full account password. The only way your device passcode would ever unlock 1Password is if you specifically choose that in 1Password's Settings > Security.
There's more information about that here: Use your device passcode, PIN, or pattern to unlock 1Password
So, that means that if someone tried to unlock 1Password and didn't pass the Face ID check, they would need to know your full account password to unlock it anyway, not just your device passcode.
I hope that clarifies matters, but let me know if you have any questions.
0 -
I believe they are looking for a similar feature that Bitwarden has implemented as an example.
https://bitwarden.com/help/managing-items/#protect-individual-items
0 -
Hi @Dave_1P - Similar to @littlegreenguy, I have a situation where I'd like the convenience of using a biometric lock (on phone and computer), but want the extra protection for certain items. In my case, I'd love to have a re-prompt for anything financial. So I can essentially have layers of security for items that I care different amounts about. e.g. it'd be more convenient to have biometric unlock and/or have the lock timer set a little longer, and for some random web service, maybe that's just fine, but it's not fine for my 401k, brokerage account, or primary email account. The primary threat, aside from little ones not knowing what they're doing, would be a lost phone that's unlocked.
0 -
Thank you for the detailed explanation of your use case for such a feature. Just to clarify: you can set 1Password to auto-lock so that either biometric unlock or your account password is needed to unlock 1Password and fill a login. You can read more about auto-lock here:
Your kids would be unable to unlock 1Password without your fingerprint/face or account password. Have you added your kid's fingerprint/face to your devices, is that why you're afraid that they might be able to unlock 1Password?
I look forward to hearing from you.
-Dave
ref: PB-35339769
0 -
Yeah, I hear you. I think at the end of the day, what I'm getting at here is that I care more about the security of certain items than others and I'm willing to tolerate a higher barrier (i.e. less convenience) to access those items I care more about. So I understand that I can auto-lock on a short timeframe and I could require the master password for everything, but then there are convenience costs to this approach. It's not like I can give myself a 10minute auto-lock but only give my kids 30sec, it would be the same for both of us, but I feel like I have set it for the highest security item to be safe.
0