Forum Discussion

onlyanegg's avatar
onlyanegg
New Contributor
8 days ago

Secret Key storage in iCloud keychain -- toggle?

Hi there,

I have read through some explanations of why the Secret Key is safe to be stored in the iCloud keychain by default, but I'd really rather it just weren't.  Is there any way to turn this behavior off?

If not, can you give me a good explanation of why you think the iCloud keychain is so secure that it warrants this kind of privilege?  It has 2FA, requires my password, I'm aware of all that -- I'm pretty happy with iCloud keychain security -- but I chose 1Password to store my passwords in because I've been happier with yours, and not needing my secret key on a new device doesn't make me happy.

It seems utterly bizarre to me that a company so focused on security would not have it be an option, but it looks to me like it's not -- I'm hoping it's just not obvious where it is.

Please let me know how to turn it off :) :) :)

7 Replies

  • pquimo's avatar
    pquimo
    New Contributor

    Thank you for that additional information.  It's a good point.  I have a close friend who used a different password manager a few years back, and ended up losing access to all their passwords.  Helping customers avoid having this happen to them is definitely a priority, and probably even a reasonable default (I grudgingly concede :), given the tradeoffs for the average user.  Most people would probably find it a welcome surprise to have it work on a new device with just their master password, or even more likely not be surprised at all, because by the time they set up a new device they have forgotten entirely about the Secret Key being needed.

    I'm sure it would be tough to explain these tradeoffs effectively, especially without scaring or confusing people.  Tricky.

    Thank you.

    P.S.  I tried to move this reply to the proper subthread above, but it said my post limit was exceeded, so here it stays.

  • pquimo's avatar
    pquimo
    New Contributor

    I humbly request adding a toggle to turn this off please.  I also do not want this behavior.  You have lots of settings to let us choose between convenience and security, and this is a case where I want the option.

    • 1P_Dave's avatar
      1P_Dave
      Moderator

      pquimo

      Your Secret Key is stored in the Apple Keychain in an encrypted form protected by Apple’s platform security architecture. Access to Keychain items is restricted by the operating system and tied to the security of the user’s device and account.

      Importantly, the Keychain data alone is not sufficient to add your 1Password account to another device. Your account password is always required to decrypt your account data, and if two-factor authentication is enabled, that authentication is also required before the account can be added to a new Apple device signed in using your Apple Account.

      That being said, can you tell me a little more about your concerns? I would be happy to share your feedback with our team.

      -Dave

      • pquimo's avatar
        pquimo
        New Contributor

        I'd be happy to share more about my concerns. Just for context, I am a software developer and security consultant, so I understand the tradeoffs and options reasonably well. I understand the other layers of protection in place, and that this only skips one of them and only when I authenticate my Apple account.

        For me, it's a question of me being the one to make the decision. I want to decide who I trust and how much. I admit, I trust Apple far more than Google or Microsoft or probably any other massive tech company. But I trust you folks at 1Password more. I chose 1Password back in I think 2013, and have never regretted the choice. I teach online security to my friends, family and in my podcast. I enthusiastically recommend 1Password. I choose 1Password, not Apple, to trust with my passwords. You deciding to extend that trust to Apple without warning me, asking my consent, and what's worst of all, without providing an option to decline that consent, I find disappointing.

        You've continued to add options that users can choose to balance between convenience and security, like the ability to unlock your vault with your device. I'm so grateful that's an option, because I will never turn it on. I just want this to be an option too, like so many others you have.

        To be clear, I am not demanding this. This is not remotely a deal breaker for me, especially since there's a relatively easy workaround by disabling the Keychain syncing. But I see little downside to adding this option. Obviously I don't know the internal code of 1Password, but I know coding well enough in general to have some level of confidence in asserting that it would not be a huge work effort to add this option. Therefore, I once again humbly request you add the option to toggle this off.

        Thanks for listening. The 1Password community forum is definitely one item on my (very long) list of reasons I love and promote 1Password frequently.

  • 1P_Dave's avatar
    1P_Dave
    Moderator

    Hello onlyanegg! 👋

    Welcome to the community! When you add your 1Password account to the 1Password app on one of your Apple devices (such as a Mac, iPhone, or iPad), 1Password stores an encrypted version of your Secret Key in the iCloud Keychain which is securely synced to all of your Apple devices. The next time that you need to add your 1Password account to another device you'll only be asked for your account password since the 1Password app will retrieve your Secret Key from iCloud Keychain.

    The Secret Key is stored encrypted and can only be accessed by you. This process safely and securely backs up your Secret Key and saves you from having to type it into all of your devices. You'll always need to enter your account password, which isn't stored, in order to decrypt your data and access your passwords and other items.

    The only way to stop the encrypted version of your Secret Key from syncing to iCloud Keychain would be to turn off iCloud Keychain on all of your Apple devices. Then, the Secret Key would still be saved to the local keychain but it wouldn't be synced to your Apple account.

    -Dave
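Both moderator replies above rest on the same property: the encrypted Secret Key copy that iCloud Keychain syncs is useless by itself, because the account password (which is never stored) is always needed as well. The Python below is an added illustration of that "two-secret" idea, written for this thread; it is not 1Password's code, derivation or parameters. The KDF construction, iteration count, salt, sample password, sample Secret Key and vault bytes are all constructed for the demo. It shows that an unlock key derived from both inputs opens the sealed data, while either input alone fails closed.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100_000  # demo value, not a product parameter


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract then expand) built on HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_unlock_key(password: str, secret_key: str, salt: bytes) -> bytes:
    """Combine the password (slow KDF) and the Secret Key (fast KDF) into one 256-bit key.
    Knowing only one of the two inputs reveals nothing about the result."""
    pw_part = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS, 32)
    sk_part = hkdf_sha256(secret_key.encode(), salt, b"demo-secret-key-part", 32)
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real cipher so the demo needs only stdlib."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(unlock_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with separate keys split off the unlock key. Output: nonce || ct || tag."""
    enc_key = hkdf_sha256(unlock_key, b"", b"enc", 32)
    mac_key = hkdf_sha256(unlock_key, b"", b"mac", 32)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(unlock_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong unlock key fails closed with ValueError."""
    enc_key = hkdf_sha256(unlock_key, b"", b"enc", 32)
    mac_key = hkdf_sha256(unlock_key, b"", b"mac", 32)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong password and/or Secret Key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def can_unlock(password: str, secret_key: str, salt: bytes, blob: bytes) -> bool:
    """True only when both inputs are the ones the vault was sealed with."""
    try:
        open_sealed(derive_unlock_key(password, secret_key, salt), blob)
        return True
    except ValueError:
        return False


# Constructed demo values (not real credentials, not a real Secret Key format).
DEMO_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
DEMO_PASSWORD = "correct horse battery staple"
DEMO_SECRET_KEY = "A3-DEMO00-000000-00000-00000-00000-00000"
DEMO_VAULT = b"example vault item: login for demo.example"


def demo() -> dict:
    """Seal a vault blob, then try to open it with both secrets, and with each one alone."""
    key = derive_unlock_key(DEMO_PASSWORD, DEMO_SECRET_KEY, DEMO_SALT)
    blob = seal(key, DEMO_VAULT)
    return {
        "both": can_unlock(DEMO_PASSWORD, DEMO_SECRET_KEY, DEMO_SALT, blob),
        # What a synced keychain copy gives on its own: the Secret Key without the password.
        "secret_key_only": can_unlock("", DEMO_SECRET_KEY, DEMO_SALT, blob),
        "password_only": can_unlock(DEMO_PASSWORD, "", DEMO_SALT, blob),
        "roundtrip": open_sealed(key, blob) == DEMO_VAULT,
    }


if __name__ == "__main__":
    print(demo())
```

Running the script prints a dictionary in which only `both` and `roundtrip` are true. The XOR of two independently derived key parts is what makes the split work: a party holding the synced Secret Key still faces the full PBKDF2 search over the password, and a party who phishes the password still lacks the high-entropy Secret Key part. Disabling iCloud Keychain, as the last reply describes, removes the synced copy but leaves this derivation unchanged.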