Why Is My Master Password Included in the Starter Kit and Inserted into the Vault?

Pythonista
Pythonista
Community Member

I have been a 1Password 4 license holder for years and recently switched to 1Password 6 for Families. Overall, great product. One thing I've noticed though is that my Master Password is stored alongside my Secret Key in the "Starter Kit" inside my private vault.

This is a problem since the Master Password shouldn't be stored ANYWHERE. You guys even mention that yourself on the site -- https://1password.com/security/

Master Password
"Not just the password you use to unlock your vault, it also plays a key role in encryption. Only you know your Master Password and it is not stored anywhere."

Why is this something that's done by default? It goes completely against what you guys said.

Am I correct in assuming that every new 1Password 6 customer has their Master Password stored in the vault by way of the Starter Kit unless they manually delete it?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Ben
    Ben
    edited February 2019

    Hi @Pythonista,

    Thanks for bringing up this point. This seems to be a case of the docs not having been updated to reflect new thinking that has been adpoted in the product. I’ll bring it to the attention of the docs team to see what their impression is.

    A large part of information security is availability and integrity. One of the common problems customers face is the loss of their 1Password credentials. Historically, and still today in some cases, losing your 1Password credentials means complete loss of your entire 1Password database. This is really not good for the availability component of information security. :) We’ve made improvements in this area through the ability for 1Password Families, 1Password Teams, and 1Password Business customers to recover accounts for other people on their membership:

    Recover accounts for family or team members

    There is still improvement to be made, as this does nothing (currently) for individual customers. One common scenario is that the person has forgotten their Master Password, but still has access to their vault via Touch ID. By having the Master Password in a Starter Kit item this person is able to recover, whereas without the Starter Kit they likely would’ve been faced with starting a new account.

    The starter kit is created for every new membership account.

    Ben

    ref: web/support.1password.com#1152, b5site-758

This discussion has been closed.