Account Keys in Shared Vault

BrianE
Community Member

I've used 1Password for a long time, and one thing I've never been happy with is that the whole concept of "one" password is a lie. I always need at least one more password to recover my data from absolutely nothing. In my case, I would need my Dropbox password so I can sync my 1Password data, but my Dropbox password is stored in 1Password. Could I reset my Dropbox password? Probably, but now I need my email password.

I was hoping 1Password for Families solved this problem. Certainly some people believe that is the case, since here is a recent post from pendorworth over on the "Need 1Password for Couples" thread:

"The really cool thing is you get access in any modern browser, so you don't need the apps to get a password if you're on the road or don't have 1Password installed."

Is that actually true? I don't think it is. I must always have some existing device with 1Password on it, or the account key stored somewhere else (Emergency Kit) or I'm locked out. If I was on vacation and my phone was stolen, I would be completely locked out of everything until I returned home.

I understand the account key improves security, but who is it protecting my data from? Someone who hacks the AgileBits servers and downloads my vaults? I appreciate the extra security in that case, but do I really need to keep the account key private from people I trust?

I was thinking of putting all the account keys in a shared vault, and possibly even giving it to trusted friends to store in their 1Password. In this case my data is less secure since they only need to know my master password to have full access to my data, but is an additional layer of security necessary to protect me from my family and friends?

What I'd ideally like is the comfort of knowing if I had absolutely nothing on me, I could get on a computer and access any data I needed simply by remembering my master password. Since that isn't possible with account keys, I was considering sharing the account key so at the very least I can call someone (hopefully I still remember phone numbers) and get access to the account key.

How bad of an idea is it to put account keys in a shared vault? What is everyone else doing to get around this issue?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • jpgoldberg
    1Password Alumni

    Excellent Question, @BrianE!

    Let me start with:

    I understand the account key improves security, but who is it protecting my data from? Someone who hacks the AgileBits servers and downloads my vaults? I appreciate the extra security in that case, but do I really need to keep the account key private from people I trust?

    Your Account Key is primarily protecting you against an attacker who acquires data from our servers. If someone compromises our servers, we don't want them to be able to run a password cracking attempt on your data. I've actually described our design as an act of "cowardice" on our part because it makes us less of a target.

    If we didn't involve the Account Key in key derivation, someone who acquired your data from our servers would be in a position to run automated password-guessing software against that captured data. The 100,000 rounds of PBKDF2-HMAC-SHA256 would certainly slow down such guessing, but it wouldn't make the attempt infeasible. But because we blend in the Account Key, such an attack becomes entirely infeasible.

    So now in answer to your main question:

    How bad of an idea is it to put account keys in a shared vault? What is everyone else doing to get around this issue?

    That is what I do within my family. We each have access to each others' Account Keys.

    This does mean that I expect all of the members of my family to behave responsibly and not do anything like make my account key public. So this approach may not be right for every family, but I think it is a perfectly reasonable thing for some to do.
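    The derivation described in the reply above, as an added toy example (not 1Password's own code or its actual key-derivation scheme, whose salt handling and key expansion differ): a weak Master Password stretched with 100,000 rounds of PBKDF2-HMAC-SHA256 still falls to an offline wordlist attack on a server-side dump, while XORing in a 128-bit Account Key stops the same attack cold, and sharing that key with a trusted family member restores their ability to unlock. The HMAC-based expansion of the Account Key, the HMAC "verifier" standing in for authenticated vault ciphertext, and all salts, keys and wordlist entries are constructed for this demo.

```python
"""Toy two-secret key derivation (2SKD) demo.

Added illustration only; this is NOT 1Password's implementation. It shows why
blending a high-entropy Account Key into key derivation defeats an offline
password-guessing attack against data taken from the server.
"""
import hashlib
import hmac
from typing import Optional

ITERATIONS = 100_000   # the PBKDF2 round count quoted in the thread
KEY_LEN = 32           # 256-bit derived key


def expand_account_key(account_key: bytes, salt: bytes) -> bytes:
    """Stretch the Account Key to KEY_LEN bytes with a single HMAC-SHA256
    block (an HKDF-expand-like step, hypothetical construction for this demo)."""
    return hmac.new(account_key, salt + b"\x01", hashlib.sha256).digest()[:KEY_LEN]


def derive_key(master_password: str, salt: bytes,
               account_key: Optional[bytes] = None) -> bytes:
    """PBKDF2 the Master Password; if an Account Key is supplied, XOR its
    expansion into the result so both secrets are needed to reach the key."""
    pw_key = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                                 salt, ITERATIONS, KEY_LEN)
    if account_key is None:
        return pw_key
    ak = expand_account_key(account_key, salt)
    return bytes(a ^ b for a, b in zip(pw_key, ak))


def make_verifier(key: bytes) -> bytes:
    """Stand-in for the authenticated vault ciphertext the server holds: a
    tag that only the correct key reproduces."""
    return hmac.new(key, b"vault-unlock-check", hashlib.sha256).digest()


def enroll(master_password: str, salt: bytes,
           account_key: Optional[bytes] = None) -> dict:
    """What an attacker gets from a server dump: the salt and the verifier.
    Never the Master Password, never the Account Key."""
    key = derive_key(master_password, salt, account_key)
    return {"salt": salt, "verifier": make_verifier(key)}


def offline_guess(record: dict, wordlist, account_key: Optional[bytes] = None):
    """Attacker holding `record` tries each wordlist entry. Returns the
    recovered Master Password, or None if no guess reproduces the verifier."""
    for guess in wordlist:
        candidate = derive_key(guess, record["salt"], account_key)
        if hmac.compare_digest(make_verifier(candidate), record["verifier"]):
            return guess
    return None


# Constructed demo inputs (a real Account Key is 128 random bits, so an
# attacker who lacks it cannot enumerate it the way they enumerate passwords).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ACCOUNT_KEY = bytes.fromhex("a3f1c2d4e5b6978899aabbccddeeff01")
WEAK_PASSWORD = "correct horse"
WORDLIST = ["password", "letmein", "correct horse", "Tr0ub4dor&3"]


def demo() -> dict:
    """Run the three scenarios from the thread against the same weak password."""
    password_only = enroll(WEAK_PASSWORD, SALT)
    two_secret = enroll(WEAK_PASSWORD, SALT, ACCOUNT_KEY)
    return {
        # server breach, no Account Key in the derivation: wordlist wins
        "no_account_key": offline_guess(password_only, WORDLIST),
        # server breach, Account Key blended in but unknown to the attacker
        "ak_unknown_to_attacker": offline_guess(two_secret, WORDLIST),
        # family member who was given the Account Key and guesses the password
        "ak_shared_with_family": offline_guess(two_secret, WORDLIST, ACCOUNT_KEY),
    }


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario}: {result!r}")
```

    The last scenario is the trade-off the thread is weighing: someone holding your Account Key is back to needing only your Master Password, which is exactly the position an attacker with a server dump is in when no Account Key is involved at all.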

  • rr0ss0rr
    Community Member

    I'm putting the account keys (Emergency Kit) in my Primary Vault, which I still sync manually via Dropbox to all my devices. Account keys saved in a Family Vault don't help you if you need the account key to log into Families.

  • Megan
    1Password Alumni

    Hi @rr0ss0rr,

    That’s how I have 1Password set up right now as well. I think it’s a pretty great way to safeguard that Account Key. :)

  • AGAlumB
    1Password Alumni

    The more I think about it, the more I like the idea of an "Emergency Vault" too, and it sounds like many folks are using a de facto version of something like that too. :sunglasses:

  • rr0ss0rr
    Community Member
    edited April 2016

    It's basically the same scenario as giving someone else "Organizer" privs. You need to trust the person AND you need to trust that they protect their devices as well as you. My family falls into the second category. Sometimes it's hard to believe they are related to me ;-)

  • AGAlumB
    1Password Alumni

    Ha, true enough! But they can be taught. Hopefully 1Password Families can help with that in time. :)

  • natehouk
    Community Member

    @BrianE

    See my comment here (https://discussions.agilebits.com/discussion/comment/298226/#Comment_298226) for an outline of how I am using the software currently, both to mitigate my risk of ever being locked out of my own data and to solve the bootstrapping problem you describe, all of which is accomplished without creating shared secrets with a third party (which would be a compromise of my security).

  • rr0ss0rr
    Community Member

    lol. I'm wishing upon a star

  • jpgoldberg
    1Password Alumni

    I'd like to offer a minor correction/clarification to something @rr0ss0rr said:

    It's basically the same scenario as giving someone else "Organizer" privs. You need to trust the person AND you need to trust that they protect their devices as well as you.

    You are absolutely correct that both deciding whom you share your Account Key with and choosing a co-organizer involve making decisions about the reliability of these other people in managing some tricky stuff. But from a security point of view, Organizers have very different powers from someone with your Account Key.

    An Organizer has the power to add and remove people, to delete vaults, and to perform recovery. Those are enormous powers. (Though we still encourage that there be multiple Organizers so that not everything depends on just one person.) By contrast, someone who has your Account Key can't get at anything unless they can crack your Master Password.

    So yes, in both cases you need to make judgements about your various family members, but the actual security implications are very different.

  • mdmangus
    Community Member
    edited April 2016

    @BrianE I use PGP to encrypt my key and store it with Evernote.

    My Android phone has APG that can access my private key to decrypt on the fly. On my Mac I use GPG Keychain.

    With that I know my account keys are accessible anytime and secure.

  • khad
    1Password Alumni

    Not a bad idea, @mdmangus. :)

This discussion has been closed.