Where are passwords decrypted when logging into the 1password website?

I understand how security works when encryption/decryption is happening inside the app on the computer or phone, but I don't understand how it works when logging into the website. I'd like to understand that, and how secure it is compared to using cloud syncing, but doing all encryption/decryption on the app.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Where are passwords decrypted when logging into the 1password website?

Comments

  • brentybrenty

    Team Member

    @Blackcat: It's an interesting question because what isn't necessary obvious is that it's basically the same whether you're using a native app you've installed or the web interface: In both cases, all of the crypto is done locally on your device. Also, the items themselves are decrypted and stored in memory temporarily, but only as you access them. So when you unlock the 1Password app or login to the website, you're not decrypting all of your data at that time. In any of these cases, your Secret Key (F.K.A. Account Key) and Master Password are used to encrypt and decrypt data on your device itself and never transmitted anywhere. I hope this helps. Be sure to let me know if you have any other questions! :)

  • Thanks! So if I, say, access the website from my browser on my computer, it downloads javascript code from your website that identifies me sufficiently to the online database, which then allows me to download the entire database, and the javascript running on the browser then decrypts whichever specific item I open?

  • brentybrenty

    Team Member
    edited March 2017

    @Blackcat: Indeed, the 1Password.com web app runs right in your browser locally and does all of the crypto there since we don't want anyone's Master Password or Account Key (or raw data!) to be transmitted. Cheers! :)

  • Thanks!!

  • JacobJacob

    Team Member

    On behalf of brenty, you're welcome :)

This discussion has been closed.