Confusion about Master Password in relation to AgileBits servers
I'm not understanding something about Master Password security. On your web site, you say that the Master Password is never transmitted to your servers. Yet when I created the account, I had to enter my Master Password, and when accessing the account via web browser, I have to enter my Master Password. So how can you say that the MP is never transmitted to your servers? Cryptography is complicated, I get that, but common sense makes me worry that somehow there's a degree of exposure or compromise in this process.
1Password Version: 7.0.4
Extension Version: Not Provided
OS Version: OS 10.13.4
Sync Type: Not Provided
Comments
-
Hi @RK97202
"So how can you say that the MP is never transmitted to your servers?"
Because it isn’t. :) All of the decryption is done locally. We have a fairly in-depth white paper on how we’re doing this available here:
I hope that helps!
Ben
0 -
Thanks for the link to the White Paper. I was sure that you were doing it right, but didn't know enough to have an inkling as to why. Now I have an inkling!
0 -
Excellent. If after reading the white paper you have follow-up questions, we’d be happy to help.
Ben
0