Why does 1Password require Secret Key on login?
Hello,
As I am evaluating a password solution for our company I was baffled by the fact that 1password requires the private key during user login. A cloud service is supposed to be easily accessible by its users and requiring for the private key makes things quite complicated.
One of our requirements is that we can have access to our passwords via the web from guest environments, securely and this simply cannot be accomplished with the requirement of the private key.
I know some of you will cry foul for wanting to login to guest-machines, first of that's our risk to take and as it's required by the job that is what we need to do and we store relevantly sensitive records and secondly, in case where the guest environment might be compromised, the release of the private-key provides an irrevocable access to the hostile entity vs just a username/password combination that can easily change.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
As I am evaluating a password solution for our company I was baffled by the fact that 1password requires the private key during user login. A cloud service is supposed to be easily accessible by its users and requiring for the private key makes things quite complicated.
@thanpolas: Thanks for reaching out! In most cases, the Secret Key is only needed on the first login on a device, since you can authorize it to allow you to login with only the Master Password.
One of our requirements is that we can have access to our passwords via the web from guest environments, securely and this simply cannot be accomplished with the requirement of the private key.
Indeed, that's a very risky use-case for most people, so it isn't something we recommend or design around. I'd love to hear more about your specific use case though. Is there a particular reason why you can't/won't use the native 1Password apps?
I know some of you will cry foul for wanting to login to guest-machines, first of that's our risk to take and as it's required by the job that is what we need to do and we store relevantly sensitive records and secondly, in case where the guest environment might be compromised, the release of the private-key provides an irrevocable access to the hostile entity vs just a username/password combination that can easily change.
I suspect the Secret Key isn't what you think it is. "Provides an irrevocable access" is not accurate, as the Master Password is also needed to decrypt the data, and is therefore also required to login. And the Secret Key can be changed if it is compromised as well. Its purpose is to protect users against attacks against us. If the database is stolen from our server, an attacker won't be able to perform a brute force attack against your Master Password, as they'd also have to guess the (128-bit, randomly-generated) Secret Key.
It's important to us and our customers that we're not in a position to allow their data to be compromised by or through us. So neither the Master Password nor Secret Key is ever sent to us; we only get encrypted data. You can read more about how all of this works in our white paper, and we're happy to answer any questions you have. Thanks for taking the time to consider 1Password! :)
0