Clarification on Secret Key / Setup Code, and Plans
Hello,
I was going to post this is my previous thread, but that keeps getting moved around and this topic seems to fit memberships. Feel free to move if necessary. :-)
Secret Key
From my understanding, based on this article, when you enter your master / account password, the Secret Key is automatically entered "behind the scenes" as a second form of authentication. The Secret Key is only available on our devices, so if an attacker were to gain access to your servers, it would be almost impossible for them to access our vaults.
Is this correct?
Setup Code
Based on it's definition in the glossary:
Square barcode included in the Emergency Kit. Scan it to sign in to your 1Password account on a new device without needing to enter your Secret Key.
It seems as though it has a similar function to that of the Secret Key. Can you please clarify?
Can we regenerate a new Secret Key or Secret Code if needed?
Individual and Family plans
If I were to get the individual plan, could I upgrade to the Family plan at a later date? Also, could I go from the Family plan to the Individual plan if I decided I didn't need the Family plan?
Thank you!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Hey @ScarySulley
I don't think there is a need to move this conversation. It seems mostly membership stuff just like you described. 🙂
Secret Key:
https://1passwordstatic.com/files/security/1password-white-paper.pdf
your Secret Key comes into play in defending you in case of a server breach.
-
But while the Secret Key is unguessable it is not the kind of thing that can be committed to human memory. Instead of being stored in your head, your Secret Key will be stored on your device by your 1Password client.
Yes, correct.
The Setup code:
It is a scannable QR type code to assist you in signing into other devices. It's contained on the Emergency Kit along with the Secret Key. It's not similar too the Secret Key because it contains the Secret Key. When the code is scanned by 1Password some of the fields will pre-populate like a sign in url for the region you've used to create your account, Secret Key, and the email address used when you created the Emergency Kit. * The account password would not be filled. We don't have it. There is a place for you to write it on the Emergency Kit should you wish to do so.
Yes, the Secret Key can be regenerated. If the Secret Key is regenerated you would be able to download a new Emergency Kit which will contain a new Setup code with the new details.
--
Individual and Family plans:
Yes, and Yes. You can move in either direction as needed.
0 -
Thanks for the info, @ag_tommy!
QR code / Setup Code
Okay, if I understand correctly, when you scan the QR code, it'll automatically fill in the fields (minus the master / account password). This is only for the first sign-in to 1Password? What information do you input for all subsequent sign-ins to the 1Password app / website? I see the input fields are Sign-in Address, Email Address, Secret Key, and Password. Coming from 1Password 6, I'm used to just inputing the Master Password.
Also how does scanning the QR code / Setup Code work on a desktop? Would you just input the info manually?
Individual and Family plans
If we change plans a few months into our subscription, I'm assuming we just pay the difference or get a refund if we downgrade from Family to Individual?
If I had the Family plan, each user needs to have their own account, right? Do they also need the Family plan or just an Individual plan?
Email address
Can the email address we use to sign in be changed?
Sorry for all the questions, but I like to learn as much as possible when it comes to security-related software.
Thank you for your patience!
0 -
@ScarySulley Any QR code is just a machine readable version of some ordinary text, such as this posting. It's easier for computers and more reliable to read a QR code than to OCR some image. In case of most QR codes, their text contains a URL. The app that scans a QR code first decodes the text, then interprets the URL.
In case of the 1Password QR code, it isn't a http:/...... URL using the http protocol for a web browser, it's a onepassword:/...... url using the made up "onepassword" protocol. If the 1Password client is installed, it might have registered this protocol in some OS registry, so the QR code reader will start the 1Password client and hand over the URL to the app. In case of a 1Password setup QR code, the "...." will contain some values, such as email address and secret key, which is given to the app, which will prefill some input fields when it displays the sign in dialog.
You can always enter all the info from the QR code manually, instead of scanning the QR code. It's just a convenient way to transfer the secret key without having to type it in.
0 -
QR code / Setup Code:
I enter mine manually if needed. I typically forget the camera is on my laptop. I remember years ago always wanting a built-in camera. I almost never us it now. LOL
Once you initially sign in all you should need is the password to access your data.
Individual and Family plans:
When you change plans you'll get a prorated credit added to the account for the remaining.
The users DO NOT need their own family account/subscription nor do they need their own individual account/subscription (outside of the family group). They will become part of your family membership/account. You cannot pull another users account into the family. They must use an account that is created under the family umbrella. As the family organizer you would invite them to join your family.
tl;dr
- Start the family
- Invite
- They create an account that's part of the family group.
Email address:
Yes, the address can change. If it does, I recommend creating a new copy of the Emergency Kit for your records. You could also flip the current one over and make notes on the back. I've done that too. e.g. password changed on [date], or email updated on [date].
No worries on the questions. Ask away. 🙂
0 -
Thank you @Tertius3 for the info on QR code / Setup Code.
@ag_tommy, thank you for the clarifications.
Individual and Family plans
So the users who would be part of the Family account would have "sub accounts" within my account, but it's not a separate 1Password account? But they will only see shared vaults? What password do the "sub accounts" put in when they want to sign in to the account through the website or the 1Password app?
Also, does each vault have their own password? Or does the account password apply to all vaults?
Saving Account / Master Password
I was watching this YouTube video at about the 2:05 point, he inputs his Account Password, then 1Password shows a button to "Save in 1Password" (he says so you don't have to enter it again). Does this save the Account Password to the vault? Is this not a security risk since the Account Password should only exist in our memory and Emergency Kit? Are we able to sign in and bypass this option to "Save in 1Password"?
Regenerating Secret Key
A while back someone here advised not to change the Master Password. Although I don't remember the reason, I think it may have been that you would have multiple passwords amongst the backup files 1Password would produce instead of just one. Wouldn't this be the case if you regenerated the Secret Key?
Thanks again!
0 -
Individual and Family plans:
Yes, correct; they are sub-accounts beneath the main account.
They set their own password when they establish the sub-account. No, there is only one password to access the data. That is the account password associated with each user.
Saving Account / Master Password:
You can choose not to save the password within 1Password. That said, I recommend it above and beyond saving the Emergency Kit outside of 1Password after seeing so many people lose access. They'll sometimes end up having biometric access and not recalling the password. With it saved inside 1Password, it's available to locate, assuming they have access.
Regenerating Secret Key:
You could regenerate the Secret Key, but it would replace any previous versions you used. That's because it's half the encryption of your data. The account password is the other half. They act together to allow you access.
As to changing the password, we have folks do it all the time. It just takes muscle memory to recall. Ensure you save it outside of 1Password lest you forget it and lose access. In my time, I've probably changed my password 5-6 times, if I had to guess.
Having an additional owner and now recovery key is paramount to the safety of your data. Please don't over look those.
0 -
Thank you, @ag_tommy.
Individual and Family plans
Do the family sub-accounts also get their own private vaults, or do they just have shared vaults?
Saving Account / Master Password
I was watching this YouTube video, and at the 15:26 he goes back to his 1Password page to sign back into his 1Password account after it timed him out. However 1Password gives him the option to autofill the Account Password. Is this not a security risk? Earlier versions of 1Password, if setup properly, would auto lock after a set amount of time and then you'd have enter your Master Password manually again. Can this auto fill for the Account Password be disabled?
Recovery Codes
Thanks for the info on the recovery codes, I'll look more into that. What do you mean by "additional owner"?
Backups
I couldn't find anything in the Support pages regarding backups. How does backing up vault data work?
Thank you!
0 -
Individual and Family plans
Yes, all accounts no matter the type have their own Private or Personal vaults.
Saving Account / Master Password
However 1Password gives him the option to autofill the Account Password. Is this not a security risk? Earlier versions of 1Password, if setup properly, would auto lock after a set amount of time and then you'd have enter your Master Password manually again.
That person appears to have the login saved. They have 1Password unlocked and because it's unlocked they can fill the password. Because it is unlocked there is no concern with filling. Your data is already available and accessible. This is merely a convenience factor. You can remove the URL from the login.
If they did not have 1Password unlocked then no suggestions would be offered inline.
From above.
You can choose not to save the password within 1Password. That said, I recommend it above and beyond saving the Emergency Kit outside of 1Password after seeing so many people lose access. They'll sometimes end up having biometric access and not recalling the password. With it saved inside 1Password, it's available to locate, assuming they have access.
If you do not want the login available for filling you can remove the URL. So the item is not offered on 1Password.com. I would suggest keeping the saved item for the reason mentioned above.
Recovery Codes
About family organizers in 1Password Families
Backups
Backups are kept on 1Password.com.
0 -
Hi, @ag_tommy, thank you for your info on your previous reply. Sorry I took so long to respond.
In reading the documentation on migrating existing data from 1Password standalone vaults to a 1Password account, it says to use the same Master / Account Password:
During sign-up, you’ll be asked to create an account password. Use the password you already use with 1Password. After you’re done creating your account, you’ll see your Home page.
Why must we use the same Master / Account Password? I realize we can change the Master / Account Password later, but just curious as to why the documentation states we should use the previous Master Password upon signing up for a 1Password account.
Thank you!
0 -
Most folks like to use the same password if at all possible for their own ease of use. It makes for a smoother experience during the migration process in being able to move fluidly between a non-membership setup and a membership. People can often get confused about which password is being asked for and when during the migration process. It helps ensure no one is locked out of their data when they create very complex passwords for accessing 1Password.com, not realizing it will be used to unlock their data moving forward.
One key takeaway is that the account password will also be used to unlock your data once the migration is complete. Meaning you'll use it to unlock 1Password. So it needs to be accessible outside of 1Password. Be sure to write it on your Emergency Kit, for example.
Yes, correct; it can be changed later on if desired. I'd suggest using the same password and changing it later on after completing the migration process.
I would also encourage you to create a recovery code before changing the password. It helps alleviate any nervousness you might feel during the password change portion. I was always super nervous about changing my password in the years before we had Recovery codes.
Generate and use recovery codes
- I recommend creating a recovery code even if you're not changing your password. It can be an invaluable tool to help ensure the safety of your data.
If you opt for a families membership we (my family) has always had two family organizers available to help with a different type of recovery.
0
