Where are passwords decrypted when logging into the 1password website?

Blackcat
Blackcat
Community Member

I understand how security works when encryption/decryption is happening inside the app on the computer or phone, but I don't understand how it works when logging into the website. I'd like to understand that, and how secure it is compared to using cloud syncing, but doing all encryption/decryption on the app.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Where are passwords decrypted when logging into the 1password website?

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Blackcat: It's an interesting question because what isn't necessary obvious is that it's basically the same whether you're using a native app you've installed or the web interface: In both cases, all of the crypto is done locally on your device. Also, the items themselves are decrypted and stored in memory temporarily, but only as you access them. So when you unlock the 1Password app or login to the website, you're not decrypting all of your data at that time. In any of these cases, your Secret Key (F.K.A. Account Key) and Master Password are used to encrypt and decrypt data on your device itself and never transmitted anywhere. I hope this helps. Be sure to let me know if you have any other questions! :)

  • Blackcat
    Blackcat
    Community Member

    Thanks! So if I, say, access the website from my browser on my computer, it downloads javascript code from your website that identifies me sufficiently to the online database, which then allows me to download the entire database, and the javascript running on the browser then decrypts whichever specific item I open?

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2017

    @Blackcat: Indeed, the 1Password.com web app runs right in your browser locally and does all of the crypto there since we don't want anyone's Master Password or Account Key (or raw data!) to be transmitted. Cheers! :)

  • Blackcat
    Blackcat
    Community Member

    Thanks!!

  • On behalf of brenty, you're welcome :)

This discussion has been closed.