Security Question. New iPad has secret key already? Security risk?

Illusion5
Illusion5
Community Member
in iOS

I got a new iPad today. Used the Apple transfer dialog to move everything over. Opened 1password on new iPad with password and everything was there. I thought the secret key never leaves a device it is on electronically? I thought we had to write it in or use a QR code image. It was super easy, but does this create a security risk? Or is the secret key really mostly to secure the cloud storage location from external threats?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • ag_tommy
    ag_tommy
    edited June 8

    @Illusion5

    Encrypted copies of your Secret Key are stored in your device backups and keychains to provide data loss protection. If you have iCloud Drive enabled and lose your Mac, iPhone, or iPad, you can restore from a backup and unlock 1Password with just your Password.

    The Secret Key is half of the combination to your data. It is used in conjunction with your password to unlock your data. Without both halves you would be unable to unlock your data.

    https://1password.com/files/1password-white-paper

    Secure Remote Password:

    Using some mathematical magic the server and the client are
    able to send each other puzzles that can only be solved with knowledge of the appropriate secrets, > but no secrets are transmitted during this exchange.

    edit: Fix markdown formatting.

  • Illusion5
    Illusion5
    Community Member

    @ag_tommy

    Thank you!!

  • Dave_1P
    Dave_1P

    I'm happy that Tommy was able to answer your question. 🙂

    -Dave

  • metalleg
    metalleg
    Community Member

    I just downloaded the 1Password iOS app on a brand new iPhone and when I went to sign in it already knew my 3 accounts (it still required my password though). I have the 1Password MacOS app and am logged into the same Apple ID on my Mac and iPhone, so I assume my account keys were somehow synced via iCloud. However I've checked both my iPhone and Mac settings and don't see 1Password in any of the iCloud settings so I am wondering how my new iPhone was able to get these details. I'd prefer to turn this off if possible. I've also checked my 1Password settings in the Mac app but don't see any settings that relate to this.

    For context I have Handoff turned off, and Passwords & Keychain in iCloud turned off as well.

    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided
    Browser: Not Provided

  • ag_tommy
    ag_tommy

    @metalleg

    Please see the post here -
    https://1password.community/discussion/comment/711899/#Comment_711899

  • ag_tommy
    ag_tommy

    I've now merged the topics. :)