Psst! Password Sharing Deep Dive: Behind the Scenes How does it Work?

ooglek
ooglek
Community Member

1Password often provides deep detail on how the software and accounts keep our information safe.

I still use the offline 1Password with Dropbox Sync. If I can use share.1password.com and Psst!, I'd like to know how this copy of my Password Entry is handled.

  1. Transfer from my local computer to Psst! Sharing Servers
  2. How the data is encoded/encrypted on my local computer
  3. How the data is stored at rest when outside of my control
  4. What happens to the data after expiration (secure delete? just delete? stored in a cloud service?)
  5. What threat matrixes and attack vectors were considered when allowing an authenticated user (email + emailed OTP) to access the information and what mechanisms are in place to avoid credential disclosure to unintended parties

It's an awesome feature, I just want to know more about how the data is handled. I did not see anything in the blog post or in the associated links that went into the encryption in transit, at rest, and what happens to the data AFTER expiration. And also if the experience for 1Password Accounts is different than 1Password users that do not use accounts.


1Password Version: 7.8.8
Extension Version: ?
OS Version: MacOS 11.6

Comments

  • to_bias
    to_bias
    Community Member

    I believe, the functionality on a technical level of this new feature should be outlined in more detail in your whitepaper. Are there any plans to do that?

  • headhertz
    headhertz
    Community Member

    I am looking for more information on this feature also.

  • Hi folks! This feature relies on a 1Password membership to work and as such is not available when using a standalone vault. Standalone vaults will not be part of 1Password moving forward and as such new features such as Psst! are not likely to be designed with standalone vaults in mind. If you're interested in migrating to a 1Password account to continue to move forward with 1Password I'd recommend reaching out to our team at support@1password.com to discuss options.

    I'm working with our security team to see about getting updates made to the white paper and also perhaps a separate "security of" article for our knowledge base. I hope to have more to share soon.

    Ben

    ref: dev/web/support.1password.com#3009

This discussion has been closed.