Security of carrying my Account Key on a slip of paper in my wallet?

melorama
melorama
Community Member

I totally understand how the technical aspects of the Account Key works, with respect to Teams/Families accounts. But the one major point of friction that my family members and coworkers have all mentioned to me, is the requirement of being able to recall their account keys in addition to their master passwords.

I keep thinking of horror scenarios in my mind, such as losing or breaking your phone while traveling (which also means you lose access to your 1Password app) and you need to access your 1Password data on the web. Without the Account Key, you're totally hosed, which makes perfect sense, from a security standpoint. But it certainly would make your life a nightmare in the meantime.

So I got to thinking, maybe an acceptable solution would be to simply print the account key on a slip of paper (or even a more clever option, like the inside of your belt or shoes), and keep it in your wallet. Since the account key only suffices as the "something you have" portion of multi-factor authentication schemes, this would seem to be an acceptable compromise between security and convenience. If I lose my wallet with the account-key paper in it, whomever would find the wallet would have to A) Recognize the Account Key string as a 1Password for Teams/Family Account Key, B) Figure out my 1Password for Teams/Family login URL, and C) Figure out my master password, in order to compromise my account.

I keep trying to poke logical holes in this idea, and most of the scenarios I can think of where this would be a bad idea are situations where you would have way more important things to be worrying about than someone breaking in to your 1Password account.

Anyone have any thoughts on this?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @melorama! Thanks for sharing your thoughts. I totally hear you on the challenge of having a backup copy of the Account Key just in case. I travel quite a lot and while I take great care of my iPhone and MacBook, things can happen. I carry two extra copies of my family account's Account Key. One is in my wallet, the other in the backpack I use to travel, alongside my vitamin C and passport. I also keep a digital copy of my Emergency Kit on a flash drive that's in my backpack, as well as the one on my keychain. Why not be safe? :)

    As far as your Account Key's physical security goes when you carry it in a wallet, that's a tough one. You could carry it in a flash drive that's encrypted with your Master Password — this is how the 1Password app saves your Account Key, by encrypting it with your Master Password locally. Or you could just have it on a piece of paper by itself. It's not obvious what it is, and it's quite unlikely the person who finds it will know your Master Password as well. The key in both of those cases, of course, is your Master Password. Make it a strong one that you didn't think of — a random one, perhaps generated by 1Password itself. Only you know that, and it's the only thing you need to remember.

    Hope that provides a bit of inspiration from a global nomad. :sunglasses:

This discussion has been closed.