How does the Recovery Code feature work?
This is about the new Recovery Code feature:
https://support.1password.com/recovery-codes/
As per the documentation, using the Recovery Code means "You’ll receive a new Secret Key and create a new 1Password account password."
I am confused.
The whole basis of zero-knowledge encryption is that 1password is supposed to have no knowledge of our credentials.
If this Recovery Code feature can actually change the Secret Key, it seems like a 'backdoor feature', meaning our credentials are not really private anymore.
How does this work?
How can 1password offer a 'Recovery Code' feature and still maintain a Zero Knowledge architecture?
1Password Version: 8.10.32
Extension Version: Not Provided
OS Version: Win10
Browser: Not Provided
Comments
-
Hello @fernando91! 👋
Thanks for the question. Recovery codes allow you to recover access to your 1Password account in the event of a lockout where you've lost either your account password or Secret Key. Generating and managing recovery codes on 1Password.com is currently limited to individual accounts.
Your account password and Secret Key are never sent to 1Password's servers. Instead 1Password uses Secure Remote Password (SRP) to authenticate your account: How Secure Remote Password protects your 1Password account
When you first signed up for a 1Password account, the local client on your device generated a Secret Key and asked you to set an account password. When you complete recovery using a recovery code a similar process occurs: the local 1Password client on your device generates a new Secret Key and asks you to set a new account password. These are generated locally on your device and are not sent to the server.
Regarding the recovery code process itself, a colleague of mine from our security development team shared a great overview on Reddit: https://old.reddit.com/r/1Password/comments/1cty1bl/recovery_code_how_is_the_encryption_key_derived/l4hx0q2/
Let me know if you have any other questions after giving that a look. 🙂
-Dave
0 -
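The SRP flow Dave describes above, as an added illustration that is not 1Password's own code: SRP-6a over the RFC 5054 1024-bit group, where the server stores only a salt and a verifier and never sees the password or Secret Key. How 1Password actually combines the Secret Key with the account password is not detailed in this thread, so the `private_x` derivation here is an assumed placeholder, as are the sample credentials.

```python
import hashlib
import secrets

# RFC 5054 Appendix A, 1024-bit group (N is a safe prime, g a generator).
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2

def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def pad(x: int) -> bytes:
    return x.to_bytes((N.bit_length() + 7) // 8, "big")

k = H(pad(N), pad(g))  # SRP-6a multiplier

def private_x(salt: bytes, email: str, password: str, secret_key: str) -> int:
    # Assumption (not 1Password's real derivation): the Secret Key is simply
    # appended to the account password before hashing with the salt.
    inner = hashlib.sha256(f"{email}:{password}{secret_key}".encode()).digest()
    return H(salt, inner)

def enroll(email: str, password: str, secret_key: str):
    """Run on the client at sign-up. Only (salt, verifier) leaves the device."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, email, password, secret_key), N)

def srp_exchange(email: str, password: str, secret_key: str, salt: bytes, v: int):
    """One login. Returns (client_key, server_key); they match only if the
    client knows the password and Secret Key that produced verifier v."""
    a = secrets.randbelow(N); A = pow(g, a, N)                # client -> server: A
    b = secrets.randbelow(N); B = (k * v + pow(g, b, N)) % N  # server -> client: salt, B
    if A % N == 0 or B % N == 0:  # SRP-6a aborts on degenerate values
        raise ValueError("degenerate SRP value")
    u = H(pad(A), pad(B))
    x = private_x(salt, email, password, secret_key)          # client side only
    S_c = pow((B - k * pow(g, x, N)) % N, a + u * x, N)        # client's premaster
    S_s = pow(A * pow(v, u, N) % N, b, N)                      # server's premaster
    return hashlib.sha256(pad(S_c)).hexdigest(), hashlib.sha256(pad(S_s)).hexdigest()
```

Note that the server side of `srp_exchange` touches only `v`, `A`, `B`, `b` and `u`; the password, Secret Key and `x` appear exclusively in the client-side lines.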
Excellent question and good explanation on Reddit.
I suggest you make this a FAQ item on your site instead of referring to a post on a third-party website.
0 -
… and please put the details in the security white paper.
0 -
Thank you Dave for the answer.
I finally had the time to come back and analyze what's going on. The Recovery Code feature seems superfluous to me, and I don't know what type of user would benefit from it. If somebody lost their PW and Secret Key credentials, what says they would be any better at keeping track of a Recovery Code? People should just keep their original credentials safe.
The idea behind the Recovery Code seems to be that it doesn't need to be securely stored, because it's useless without e-mail confirmation. Therefore, the e-mail account becomes the weakest link. And if someone is so careless as to lose their PW and Secret Key, what kind of security would they keep on their e-mail? Furthermore, it is very likely their e-mail credentials, TOTP seed, and/or Passkey may be stored in 1password. Can they even login to their e-mail account? What percentage of people actually memorized their Google or Apple account logins? Lastly, people are careless. They leave e-mail open, and they use webmail services that are hardly private or secure.
I can't figure out why this feature was invented.
From my perspective, the Recovery Code feature looks like a solution looking for a problem.
IMO, the safest choice is to not use a Recovery Code and focus on securely and responsibly storing your credentials in the first place.
0 -
Thank you for the reply. Storing a recovery code can be more secure than storing your account credentials. While it's important to keep it safe, your recovery code can't be used without a verification step using your email account. Additional protections prevent the use of a stolen recovery code under certain circumstances, such as if you're currently signed into and using 1Password on one of your devices. Contrast this to storing your account credentials, they can be used at anytime.
The team is also working hard on bringing passkey unlock to the stable version of 1Password and recovery codes are vital for this new feature. If you were to lose your passkey, or all of your trusted devices, then the recovery code allows you to regain access to your 1Password account.
Let me know if you have any questions. 🙂
-Dave
1 -
Thanks @Dave_1P for the additional information.
The provision for a Recovery Code alongside Passkey Unlock is reasonable and logical. The only hole I see is that if the encrypted databases were somehow stolen, (as they were with one of 1password's major competitors), a carelessly stored or disclosed Recovery Code could be used to do an offline unlock of the encrypted password database. (This is a possible, but very unlikely theory.) Criminals could use stolen customer data to send out very convincing phishing messages, trying to get customers to give up Recovery Codes. Is it possible? Yes. Is it likely? No.
Finally, I now understand the main benefit behind the introduction of Recovery Keys.
0 -
Thanks for your detailed explanation, Dave. Your colleague’s Reddit post was also helpful in clarifying certain details.
I’m now looking to generate a recovery code in the unlikely event I lost my safely stored emergency kit AND my two devices where I am signed into 1Password.
As I see it, I’d only need the recovery code in the above circumstances? And email isn’t a problem because my email credentials aren’t stored in 1Password. Therefore someone getting hold of the recovery code on its own wouldn’t be able to access or take over my 1Password account without email verification?
Many thanks
0 -
I'm happy to help! 🙂
-Dave
0 -
So I have to either write down this recovery code and put it in some secure location or store it digitally in a secure location? Just like my Secret Key? So now instead of 1 information item (Secret Key) I need to safeguard, there will be two items (Secret Key plus recovery code), thus doubling the number of opportunities for these items to be found and used to access my 1password vault, not to mention that I have to remember what secure locations I put them in. I don't see the point. But would you suggest some options for where I might keep these items (either or both of them) securely, but still accessible?
0 -
I have personally seen cloud documents become corrupted, and digital keys become unreadable. I keep mine (hard copy printed out) stored in a floor safe for easy access. They are also kept at a relative's home (again in a safe) for unfortunate situations and finally in a bank safe deposit box for disaster preparedness.
0 -
Thanks for your response. My personal situation is that there's no other person I'm comfortable leaving this access/recovery info with. So a personal safe or bank safe deposit box could work, but the accessibility of those isn't great, for example if traveling. Therefore, do you have any suggestion for storing securely in digital form where it's accessible (rather than hard copy storage)? Do you store both the Secret Key and the Recovery Code in the same place?
If you have a view on this, could you share: I get that the new recovery code requires an email auth, so theoretically an additional security layer, but I still don't get the point of this feature. If I'm forgetful or careless and lose my Secret Key/Emergency Kit, I'm just as likely to do the same with the Recovery Code. So how is it helpful to add a second method of regaining access which has exactly the same problem as the original one - where to store it securely, and how to avoid forgetting where it is or losing it?
Thanks for your input.
0 -
Correct, a safe deposit box is not convenient, which is why it is my 3rd layer. The floor safe I describe does not need to be accessible by anyone else.
If you're traveling, you could provide the code in several pieces to trusted people you could contact in an emergency. A family member could fill the need, perhaps; each person would not have access to the entire picture. If you have an attorney, consider keeping this with other important papers. I don't know if they would maintain a copy for you. You'd need to talk with them.
The details need to be protected and safeguarded to ensure they are not lost or stolen. Carelessness is another consideration. You'd need to place any safeguards to ensure the item was not lost or misplaced. I have talked with many people where something like that led to data loss. We do not want you to experience that situation. 1Password is the key to your digital life. Because 1Password guards all the details of that digital life, there are vital considerations that you would need to think about.
You might use the sealed envelope situation and provide several family members with a portion of the details so you would know if anyone had accessed it. However, this could also be problematic (personally, for me) as I need to remember which person I shared the details with. I would better recall where I saved it vs. who I provided the pieces to.
It's one of the advantages for my family and me to have account recovery via another owner. When my Mrs. passed, who was my backup, I promoted my son to organizer. We maintain two owners at all given times, and I have also created a recovery code for my account. I am so steadfast in assuring nothing happens to our digital legacy. It's probably the single biggest thing that I contemplate daily. I can only hope my sons think this hard on their legacy when I pass.
The reason I seldom suggest a digital location is all of my digital passwords are inside 1Password. For me the hardcopy would be the best option. I also use this feature as another safeguard of sorts:
Encrypted copies of your Secret Key are stored in your device backups and keychains to provide data loss protection. If you have iCloud Drive enabled and lose your Mac, iPhone, or iPad, you can restore from a backup and unlock 1Password with just your Password.
0 -
Thank you very much for the helpful and thoughtful input. Very good guidance. Have a great day!
0 -
@ag_tommy Tommy, I'm so sorry you lost your wife. Just terrible. My deepest respects.
0 -
Thank you @mygoodness I appreciate the thoughts.
0