Storing master password in 1password?
Long time 1password user here, recently switched over to the subscription service so that I could use 1password v6 on windows. Now when I login to https://my.1password.com I supply both account key and master password. So of course the 1password chrome extension is offering to "save" this information for me. I told it to go ahead and save, but now wondering if this is a good idea? Now I am not only storing all my normal passwords in my personal vault, but the "keys to the kingdom" there as well. A bit of the chicken and the egg problem.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
And I guess I have the same question about the emergency kit document. I would like to store as a document in my 1password vault, but wondering if I should.
0 -
You definitely need store them somewhere outside 1Password in order to get into your vault. The Master Password should be stored in your head in my opinion. The Account Key can be stored on the Emergency Kit and perhaps printed out and stored physically somewhere safe. Storing these in 1Password itself doesn't hurt but it doesn't help you either.
0 -
@timminator: Indeed, there's no harm in storing the Emergency Kit or Master Password in your vault; it's no different than locking your keys in the house: safe, but not necessarily useful. However, like having a door code, if you're able to access your vault on a device without the "key", that can help you retrieve it if you lose it — for example, using Touch ID on your iPhone to unlock 1Password if you can't remember the Master Password. Not something I'd want to rely on, but possibly helpful.
Really what we recommend though is storing the Emergency Kit in a safe deposit box for true emergencies. Under most circumstance you won't need your Account Key, as it's only required when authorizing a new device/browser. But you should definitely commit your Master Password to memory, as it will be needed to access your data under most circumstances. As far as storing these credential in the browser permanently, this isn't something we recommend especially if others have (or could have) access to your computer. It's up to you though. Cheers! :)
0