Is it possible to reset the Account Key? (in the case where it may have been compromised)

MrMoo
MrMoo
Community Member

Hi all,

I've signed up to 1Password for Families and very happy with it thus far, I greatly admire the security and I must say its very cleverly designed to ensure even the AgileBits servers can't decrypt the data without the Account Key and master password! :) Good job! :)

My question is: Can the Account Key be changed / reset, in the case it might have become compromised?

As the Account Key is stored on all clients used to access the service (and in a cookie/local storage if you use the browser version), as well as printed out and kept in a secure place in my home. If this were found out by a malicious user for some reason, then even if my master password is still safe, this would be one part of the two-factor authentication being compromised, and if I was suspicious of this occurring, ideally I would want to change the Account Key.

I'm not in this situation now, but I would like to know if this is currently possible / or is going to be possible? Thanks,

MrMoo


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • nmott
    nmott
    1Password Alumni

    Hi @MrMoo,

    You can reset the Account Key by going through the recovery process, as outlined in this tutorial:

    1Password Teams Admin Guide: Account Recovery

    Don't worry that it says 1Password Teams; the process is the same for 1Password Families, but with family organizers instead of team admins. :)

  • MrMoo
    MrMoo
    Community Member

    Hi @nmott,

    Thanks for the reply, that does makes sense that the Account Key gets regenerated through a recovery! :) I presume there is no way to start a recovery process for yourself though if you wanted to reset the Account Key without involving a Family Organiser / Team Admin? If not, that would be a very low priority feature request from me.

    (I presume for the most part people would wonder why you would need a recovery for yourself, as if you can access the recover button, then you must be able to access your account)

    MrMoo

  • Hi @MrMoo,

    You can also go to "My Profile" in the web app and click the little pencil icon beside the Account Key to re-generate it:

    That's a much simpler way than going through recovery (which you cannot do on your own account).

  • MrMoo
    MrMoo
    Community Member

    Thanks @JasperP, I didn't notice that before! :) Excellent, thats all my questions answered!

    MrMoo

  • nmott
    nmott
    1Password Alumni

    :+1: :)

This discussion has been closed.