To protect your privacy: email us with billing or account questions instead of posting here.

1Password Security

Options
kawaikini
kawaikini
Community Member
edited June 2017 in Memberships

Our IT guy at work just told me "1Pass" got hacked and all our "secure" passwords were lost. Please advise.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: OS X10.11
Sync Type: Not Provided
Referrer: forum-search:Our IT guy at work just told me 1Password got hacked and all our "secure" passwords were lost. Please advise.

Comments

  • Frank
    Frank
    edited June 2017
    Options

    Hi @kawaikini - I'll be happy to help and I apologize for the incorrect information that was given to you. Maybe they were referring to another password manager. We are AgileBits, the makers of 1Password. In any event, your 1Password data is safe and fully encrypted with your Secret Key in conjunction with your Master Password. You're the only person who has access to the keys to decrypt your data. We don't store the keys on our end to ensure we have zero knowledge.

    There are three umbrellas of security in a 1Password membership. Before all of them is your Master Password and Secret Key. In the standalone version of 1Password, everything is protected by your Master Password and all the security wizardry in the app. But with a 1Password membership, the Secret Key is used to strengthen things even further. If you have a weak password, it's very unlikely someone will be able to access your data because the Secret Key is a 128-bit string of characters that's generated locally when you set up your account. It never leaves your device, and we ask that you print it out to have a copy in case you need it later — you're probably not going to remember the whole thing. ;)

    It’s great to have a Master Password and Secret Key protect your data, but they also need to communicate with the server to access your data, so we use three layers to protect things at rest and in transit. The first layer is based on your Master Password and Secret key, which are used to derive a secret that is used to securely encrypt all of your data, both at rest and in transit between your devices and our servers. The second layer is based on the Secure Remote Password protocol. It allows your devices and our servers to make sure they are who they say they are. This provides an additional layer of protection against attack. The third and final layer is the standard TLS/SSL protocol. This layer provides a final layer of encryption and also allows your web browser to indicate that you were communicating directly with a 1Password web server. If you'd like to learn more about the security of 1Password, head to https://1password.com/security.

  • TDK1044
    TDK1044
    Community Member
    Options

    The Password Manager OneLogin got hacked, not 1Password. If your IT guy is that sloppy, I'd consider getting another one. :)

  • prime
    prime
    Community Member
    Options

    @TDK1044 :lol: :lol:

  • Ben
    Ben
    Options

    :)

    Ben

This discussion has been closed.