
I just realized that 1pass keeps both my password and security key saved in 1password entry :O

sebna
Community Member
edited January 15 in Memberships

Hi All,

I always knew that 1Password has an entry in the vault for logon to itself... and I knew that it keeps the Secret Key there, which I don't find too good an idea, and I plan to remove it from there.

However only now I discovered it also keeps my password to the account saved there :O

That seems insane? Is it a default behaviour or did I save it by mistake on some occasion?

Can you please let me know if it is a default behaviour and if so why is it considered safe to do?

Thanks



Comments

  • @sebnash

    The Secret Key and Password could have been saved there. Most folks make their own determination if they want to keep them there. You cannot access the account password stored there unless you know the account password to unlock 1Password. This is akin to keeping the combination to the safe within the safe. Unless you leave the account unlocked there would be no possibility someone could access it. It helps if you have something like Touch ID enabled and you happen to forget your password. If Touch ID is available on another device you can access the details and refresh your memory.

    • Make sure you have or save a copy of your Emergency Kit! It contains a copy of your Secret Key. It's imperative you store this securely. You may need it to regain access to your account in the future.

    • 🚒 Get to know your Emergency Kit

    • I also recommend keeping a copy of it outside of 1Password. It needs to be accessible in certain circumstances but remain protected. Inside can be beneficial in some very specific situations like I described above.

  • sebna
    Community Member

    Thank you for coming back to me.

    You wrote:
    This is akin to keeping the combination to the safe within the safe. Unless you leave the account unlocked there would be no possibility someone could access it.

    I don't think it is a good comparison. I think it is quite misleading to give a false sense of security. Unless you usually keep your safe with precious stuff inside in the middle of a shopping mall, inviting everybody and anybody to fiddle with it and also potentially to look over your shoulder when you enter your combination or just when you keep it open ...

    I just think it is a bad practice to keep all security info inside. What is the point of splitting the password from the encryption key if you keep them together in the end in one place, which is also the top target?

    It is one of those things that will cause problems and will be changed by 1Password after the problems have happened...

  • ag_tommy

    I'm not sure you understood my meaning.

    This is akin to keeping the combination to the safe within the safe. Unless you leave the account unlocked there would be no possibility someone could access it.

    This is saying that by keeping the password in the safe it is impossible for you to use when you need it. It is recommended that you keep the password on the Emergency Kit outside of 1Password lest you be unable to access it.

    In a nutshell, a nefarious actor could not get at your secret key and account password there (while locked), because they would need to unlock with your password to access said data. In short, a good locking routine is always desired vs. leaving the database fully unlocked all the time.

    Your data is your data; you can freely remove it from inside should you wish to do so. :)

  • J_O_D
    Community Member

    From a common customer point of view - this has been discussed here and on Reddit over and over again, and I don't find the existence of this record in my vault anything but a convenience when I need to log into 1Password on the web (seldom), and no security risk - because when someone is able to get this record from my vault, I have already been knocked out and broken, as he already has access to everything.

    Of course, this is just a mildly educated opinion.

  • ag_tommy

    Thanks for sharing @J_O_D