Is my data safe if 1password itself gets hacked?

atm586t7
Community Member

I'm new to the security game and trying to get my house in order. I apologize in advance if this is a novice question. From what I can tell 1Password helps me make everything more secure on my end, however the biggest concern I have is when the company itself gets hacked. It's one thing if it's Facebook and they get relatively low level info on me that may or may not help them to gain access elsewhere. But what happens if 1Password gets hacked and the data is ALL my highest level information - and ultimately complete access to all areas in my online life?

From what I'm reading there are plenty of safeguards created by 1Password to keep things safe. But is there ever a spot that my data on any level can be accessed by somebody else if the worst of worst scenarios plays out and 1Password has a data breach?

Thanks in advance!



Comments

  • AdamP
    Community Member
    edited April 2018

    You're asking all the right questions, if you ask me!

    If the data on the 1Password server was ever breached, it is still encrypted with 256-bit AES keys. That is to say, very strong encryption for which there is no realistic workable hack, and even a brute force attempt (trying every single possible key combination) would take on the order of billions of years if you had access to several expensive supercomputers.

    But even if a person who breached the data was looking for yours specifically and was somehow able to guess at your Master Password, the protection provided by your Secret Key would keep you safe.

    By design, neither your Master Password nor your Secret Key is ever known by 1Password. Your Secret Key is kept safe on your own devices, and your Master Password should be known only to you. The combination of these together unlocks your data on your device.

    They're doing a good job of keeping it safe in the first place of course, but you can rest assured that even in the worst-case scenario of a breach, your data is locked down pretty tightly. The 1Password white paper is a pretty worthwhile read (Story 1 on page 10 covers this very scenario), as are articles on the support site like this one.

    Hope this helps,

    Adam

  • Thanks for the assist here, @swivelman.

    You’re right to be concerned here, @atm586t7. The key here (no pun intended) is that your data is protected with end-to-end encryption where only you ever have the keys. This does mean that, for example, we cannot reset your password. We have no ability to do so because in order to do that we’d need to have the keys to decrypt your data, and that isn’t something that we want to have. Not having them means that even if the encrypted data is stolen from us it has very little if any value, as it can’t be decrypted without those keys.

    Ben

  • atm586t7
    Community Member
    edited April 2018

    Awesome thanks @AdamP & @Ben, appreciate the explanations, super helpful. I'm gonna dive in!

  • Great. You’re very welcome. :)

    Ben

This discussion has been closed.
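
The answers from AdamP and Ben describe a key that depends on both a memorized Master Password and a device-held Secret Key, so a stolen server copy cannot be unlocked by guessing the password alone. The sketch below is an example added to this page, not 1Password's code: it uses a generic two-secret derivation (PBKDF2 on the password, XORed with an HKDF expansion of the second secret) and an HMAC tag standing in for the encrypted vault. The iteration count, function names and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor for this sketch

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_unlock_key(master_password: str, secret_key: str, salt: bytes) -> bytes:
    """Mix a slow password hash with a high-entropy, device-held secret."""
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, 32)
    sk_part = hkdf_sha256(secret_key.encode(), salt, b"unlock-key")
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))

def key_check(key: bytes) -> bytes:
    """Stand-in for 'this key decrypts the vault': only the right key reproduces the tag."""
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()

def offline_guess(record: dict, candidates: list, secret_key: str):
    """What a holder of the server-side record alone can test offline."""
    for pw in candidates:
        key = derive_unlock_key(pw, secret_key, record["salt"])
        if hmac.compare_digest(key_check(key), record["check"]):
            return pw
    return None

# Constructed sample values, not real credentials.
MASTER_PASSWORD = "correct horse battery staple"
SECRET_KEY = "EXAMPLE-ONLY-SECRET-KEY-9F2C7D1B6E"  # stays on the user's devices
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")

# What the server side would hold in this sketch: salt and protected data, no keys.
SERVER_RECORD = {
    "salt": SALT,
    "check": key_check(derive_unlock_key(MASTER_PASSWORD, SECRET_KEY, SALT)),
}
GUESSES = ["123456", "letmein", MASTER_PASSWORD]  # includes the correct password

if __name__ == "__main__":
    print("right password, no Secret Key  :", offline_guess(SERVER_RECORD, GUESSES, ""))
    print("right password, with Secret Key:", offline_guess(SERVER_RECORD, GUESSES, SECRET_KEY))
```

Even with the correct Master Password in the guess list, the check fails unless the Secret Key is also supplied, which is the property the answers above rely on.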