Secret key partly saved on login page
Hi there!
I'm trying out the 1Password subscription (not a fan of the solution for multiple reasons, but it is what it is). When I sign out of my account on the 1Password website, the login page saves the first 8 characters of my secret key. Isn't saving the e-mail adress enough for the user? If it for some reason needs to be there, is as much as 8 characters really necessary?
I know I can clear the login completely, but that's beside the point. The secret key is supposed to be secret, so I find this default behavior pretty strange.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Comments
-
Hi @1Christofer:
Great question! The first 8 characters of the Secret Key:
A3-R69SQKare a version identifier:A3, and then a six character identifier:R69SQK. That portion is non-secret and is known to 1Password, and helps us when troubleshooting. Your Secret Key protects your data when on our servers, your account password protects your data on your devices. For more details on the Secret Key, see here: About your Secret KeyJack
0 -
I had already looked at the page you linked, but missed the bottom part where it's clarified. Thanks for the quick answer!
0 -
You're very welcome @1Christofer! :smile:
0 -
A quick followup question. I have turned of iCloud Keychain on my Mac and iOS device to stop my secret key from being synced to my Apple account, but to do this for Android devices, do I need to completely turn off the device backup to my Google account (I'm only using the built in backup solution that Google provides) for the whole phone to keep it from syncing the secret key to the Google account? If so, is there any way to sync everything except the 1Password data and/or 1Password secret key? I rather setup a new Android with the secret key by myself than have the convenience of having it backed up at Google and Apple.
0 -
Hey @1Christofer:
As it currently stands, disabling backing up your phone entirely with Google would be your best option to disable the Secret Key being backed up.
Jack
0 -
Is it possible to do a feature request for a setting to turn it off? (I'm aware the chance of it going through is very small.) I know the account still is protected by my own 1Password password, but still... can't even imagine what it would be like getting it compromised.
0 -
I will be happy to pass your suggestion to the development team @1Christofer :+1:
0
