Master passwords are now inherently online? And q's about an upgraded install

@alexisrosen:

Great questions!

It's required to log into your web site, which means you're either storing it, or some hash of it, but in any case you're getting the clear text in flight (well, in your server, not on the wire, because https), which means anyone capturing your web server will then capture at the least the master passwords of anyone who logs in (if not the entire user base). How is this good?

We use a protocol called Secure Remote Protocol. In short, while it looks like my.1Password.com is a standard authentication based website, where the credentials you enter are sent to the server and verified on the server, that is in fact not the case. The client, in this case your browser, and the server both can derive a shared session key from secrets they have that stay on either the client, or the server. In other words, neither your account password, or full Secret Key is ever sent to us.

When I converted to 1P V7, It seems to have created a "master password" for logging into the web service, but my old master password was retained on the Mac I was upgrading. How does that work? Vault items are encrypted on my disk with my local (old) master password, but encrypted on your server with the new password? Or something else?

1Password 7 unlocks using this set of rules:

• If a Primary vault exists, then it unlocks using the Master Password for that vault, regardless of what, if any, 1Password accounts are signed in
• If a single 1Password account is signed in, then it unlocks using the Master Password for that account
• If multiple accounts are signed in, then it unlocks using the Master Password of the first added account

It sounds like when you created your 1Password account, you continued to have your Primary (standalone) vault added to 1Password for Mac. This would mean that 1Password on your Mac would continue to unlock using your Primary vault password, but signing in to my.1Password.com would use the account password for your 1Password account.

Is there some way I can change my LOCAL 1P vaults to the older master password, while leaving the online password alone, so this Mac will behave like my other Mac?

Because 1Password 8 doesn't support local vaults, 1Password 8 unlocks using only your account password (the one you use on my.1Password.com) or biometry like Touch ID or Apple Watch unlock.

For a look at our security model, we have this page here: About the 1Password security model

You're more than welcome to use sharing algorithms to split your Secret Key and share it with family members, but it's important to note that if you lose access to all your devices and don't have access to your Secret Key, it cannot be reset or recovered by us. Family organizers in a 1Password Families account are able to recover their family members, so that may be an option you'd like to take as well.

Jack

Hey @alexisrosen:

You're very welcome. In the situation you have with 1Password 7, 1Password 7 effectively stored a copy of your 1Password account keys encrypted with the password for your primary vault. Changing your account password means that the account keys changed as well.

To clarify, when I was referring to 1Password 8 not supporting "local vaults", what I meant in that case was standalone vaults, and I'd like to apologize for the confusion there. 1Password 8 keeps a copy of your data locally, so you can unlock 1Password, and view or edit items when you're offline, like on a plane for example.

I've shared your thoughts about using Shamir's Secret Sharing or similar to store your Secret Key with your family as a feature request. While I can't promise anything, we use feedback like yours to help inform the future of 1Password.

Jack

ref: IDEA-I-1619

Thanks again for your feedback! 😀

Jack