Skip to main content
August 27, 2025
Question

How does the recovery of a private vault in the Family account work

  • August 27, 2025
  • 4 replies
  • 280 views

I’m trying to wrap my head around how private vault recovery works when someone forgets their Master Password. From what I understand, the Master Password plus the Secret Key are used to lock and unlock the keys that actually protect all the vault data.  The client device generates the Master Unlock Key each time a user accesses 1Password by providing the Master Password, which is combined with the Secret Key.  The asymmetric keys that are kept securely encrypted on the server, right?

If the Master Password is lost, the user can’t generate the Master Unlock Key to obtain keys, so they can’t get into their private vault. At that point, the account organizer can start the recovery process. 

What I don’t get is: what additional piece of information does the organizer and/or the server have that makes it possible to get back the keys needed to decrypt the vault?

I realize that the recovery process also involves extra safeguards, such as a secure email, which should keep outsiders locked out even if they somehow got the Secret Key. But if some piece of recovery data really is stored on the servers, what’s stopping a malicious insider from bypassing the email step and taking over the vault?

Could you point to documentation that explains this?

Thank you!

4 replies

August 27, 2025

The recovery process resets the account secret key.  The assumption would be that you have verified the user needing to be recovered, which I suspect is a non-issue for Family accounts. This resource should answer things: Recover accounts for family or team members | 1Password Support,

ivolvoAuthor
August 27, 2025

... and creates a new Master password. I understand this part. What happens after recovery is clear. Before recovery, a user doesn't have the keys to decrypt the vault content,
What I asked: what additional information does the process use to recover keys that decrypt the vault content? 

ivolvoAuthor
September 3, 2025

No takers to explain this part? I hope it is not secret information

1P_Dave
1Password Employee
September 10, 2025

Hello @ivolvo! 👋

I'm sorry for the delayed reply! We explain the recovery process in detail in our security white paper in section 12: Restoring a user’s access to a vault. You can find that section on page 35 here.

Let me know if you have any questions after giving that a read. 

-Dave

ivolvoAuthor
September 11, 2025

Thank you! An excellent review, trying to get thorough details. If any questions arise, will follow