Security concerns when entering the master password to login to the 1password for families
Hello,
I'm using 1password for a long time and started trying 1Password for families. During signup I used my current master password as you recommend it in your migration guide. Now when I want to login I'm asked to enter the account key and master password.
Isn't this a security risk when the communication between my computer and the agilebits server is compromised? So far the master password was supposed to never leave my machine and now I'm concerned to send it over the internet.
Regards
Mathias
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:master password family
Comments
-
@mathias_janzen This should help... The full article is here... Understanding the Account Key
Master Password
All your Team vaults are end-to-end encrypted with your Master Password, a secret that only you know, which is never transmitted over the Internet. If someone else gains access to your encrypted data, they can’t do anything with it unless they know your Master Password.
Because your Master Password is critical to your account security, we take extra measures to strengthen your Master Password in order to slow down automated Master Password guessing software.
But your Master Password is not the only thing protecting your data. It works in conjunction with your Account Key to provide even greater protection than it does by itself.
Master Password + Account Key
With traditional two-factor authentication, an existing device is used to authorize a new one. But the existing device is only used for authorization. The one-time passwords are not used to harden the encryption.
Your Account Key works in much the same way. It is required to authorize a new device. However, your Account Key is actually used to improve the encryption of your data. Both your Master Password and your Account Key are required to decrypt your data. This has several benefits.
Your Account Key:
Protects against a weak or reused Master Password because the Master Password alone is not enough to decrypt your data.
Protects your data even if someone else obtains it. The data is useless without the Account Key.
Protects your data when you reset your browser. If you reset your browser, the Account Key used by the 1Password for Teams web app is wiped out instantly, making doubly sure that no one can get at your data.0 -
Hello @Scuba629 ,
thank you for your reply. I've read this article before but didn't really get how this works:All your Team vaults are end-to-end encrypted with your Master Password, a secret that only you know, which is never transmitted over the Internet.
I asked myself why I have to enter the master password in the login form when it won't be transmitted. Maybe I understand now: I guess the entered master password is only processed locally with a javascript function to generate a token that is used for authentication.
Hopefully someone from agilebits can confirm this.Regards
Mathias0 -
@mathias_janzen Correct the token is what is sent over the internet. Your master password and account key create that on your local machine/device.
Here is a quick cut and paste from @jpgoldberg on another thread.
Magic
Your Master Password is never transmitted, nor is your account key. There is even a bit of mathematical magic which means that during a login to your Families site, no secrets are transmitted.
1Password calculates a number, x, from your Account Key and your Master Password (and from some non-secret stuff as well). And when you first sign up, it also calculates a related number from x called v (for "verifier"). When you first sign up, v gets sent to the server, so the sever will know v only.
Proving you know a secret without revealing it
Now the really cool part is that because of the way that v is created from x it is possible for 1Password on your machine to be able to prove to the server that it knows x but without revealing any secrets whatsoever in the process. Furthermore, it is possible for the server to prove to 1Password on your machine that it knows v, again without revealing any secrets. So someone listening in to that communication (even if they get past TLS) will learn nothing. Furthermore, they won't even be able to "replay" what they recorded from that session because the way that the server and 1Password prove to each other that they know v and x is different each time. (The math is the same, but random numbers are used for each session.)
Key exchange
To make things even cooler (ok, perhaps the kinds of things that I think are cool isn't what everyone thinks is cool) is that during the process of 1Password and the server proving to each other that they know x and v, they also create a session key that is used for another layer of encryption for the rest of the session. Again, this is done in a way that even someone listening in on the whole conversation will not be able to figure out what the key is.
The buzzwords
The jargon is that 1Password uses a PAKE known as SRP which is based on Diffie-Hellman Key Exchange.
0 -
@Scuba629 Thanks a lot again!
This is the answer I was hoping for and now I dare to enter my master password :)0 -
Hi @mathias_janzen,
You may also be interested in reviewing our white paper, which goes into detail on this and a number of other subjects:
1Password for Teams White Paper
Thanks for chiming in @Scuba629!
I hope that helps!
Ben
0 -
I am a longtime 1P user. I have just added Family account and expect to soon add one or more team accounts.
I chose a different master password than I have been using, and I anticipate a different master password for the team account. Within the apps it seems that entering my original/personal master password gives access to all my vaults including the new cloud based vaults, which is fine with me.
I migrated all my data from my Primary vault into my new family personal vault. Is there any reason I shouldn't use my (now empty) primary vault to store the family and team master passwords and maybe even the account keys? My reflex is that this is fine, since after all, I have a long habit of storing crucial/important info in my 1P vault. But I'd love to hear what the company or other users think about this.
0 -
@hesspaul you might be interested in some of the responses from this thread.
I think this response from brenty is particularly helpful:
Safety is less of a concern than accessibility risks. After all, your 1Password data is encrypted, so where you store it is largely irrelevant, provided you've secured it with a long, strong, unique Master Password.
Your setup adds an additional layer which may actually make it more difficult for you to get into your own data. For example, if you forget that Master Password (or lose the vault in a disaster), you won't have access to the the rest.
I also think it's worth considering that this setup could preclude someone else being able to access your data in your absence, when you might want them to be able to do so. For this reason, we recommend printing the Emergency Kit and storing it in a secure location — perhaps in addition. That way you could include it as part of your estate planning. It's definitely worth contemplating carefully, but ultimately it's really up to you. :)
I hope that helps answer your question!
0 -
Thanks @nmott I'll check out that thread in more detail.
It seems like I should go ahead and store my family/team info in my personal 1P vault (which I have a long history of practices to protect from disaster/loss/etc). This would give me convenience and security. Then for each team I already plan to share the team recovery data according to that group's practices. For instance I might give a company their recovery info to store in their physical vault.
The new piece here is to be careful what I migrate into my "team" personal vault if it's not team related.
No reply needed here. I'll participate in that other thread if I need to. :-)
0