Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Solved
Can we add an extra layer of encryption within 1 password?
Hi All,
I currently use 1 password for family - been using it for I suppose 5+ years now.
In terms of security architecture, I understand that our master password on the client tool locks everything and sends it to server ( everything in 1 password on the server side is encrypted). Is this correct?
Is there a way to add a layer of scrambling here? for example let's say I have my credit card, expiration date, and code all stored in 1 password - is there a way for me to either hide it ( needs an additional password to bring it forward) or have the ability to scramble this data that only reveals the accurate info after an additional layer of security?
Thanks
Hello julesmiles! 👋
Thanks for reaching out! I'm happy to go into detail on how 1Password protects the important information that you save into your 1Password account.
1Password uses your account password to encrypt and protect your data locally and someone with access to your device won't be able to unlock 1Password without knowing your account password. However, 1Password doesn't just use your account password to protect your data once it leaves your device. Your data is protected using an encryption key that is the combination of your account password and your Secret Key: About your Secret Key
Even if someone were to learn your account password they would be unable to get their hands on your data from our servers without also having the Secret Key. Beyond your account password and Secret Key, 1Password also uses Secure Remote Password (SRP) and Transport Layer Security (TLS) to protect your data when it leaves your device: How Secure Remote Password protects your 1Password account
This means that your 1Password data is protected using three layers of encryption. You can read more about our security model here: About the 1Password security model
-Dave
3 Replies
- 1P_Dave
Moderator
Hello julesmiles! 👋
Thanks for reaching out! I'm happy to go into detail on how 1Password protects the important information that you save into your 1Password account.
1Password uses your account password to encrypt and protect your data locally and someone with access to your device won't be able to unlock 1Password without knowing your account password. However, 1Password doesn't just use your account password to protect your data once it leaves your device. Your data is protected using an encryption key that is the combination of your account password and your Secret Key: About your Secret Key
Even if someone were to learn your account password they would be unable to get their hands on your data from our servers without also having the Secret Key. Beyond your account password and Secret Key, 1Password also uses Secure Remote Password (SRP) and Transport Layer Security (TLS) to protect your data when it leaves your device: How Secure Remote Password protects your 1Password account
This means that your 1Password data is protected using three layers of encryption. You can read more about our security model here: About the 1Password security model
-Dave
Thanks 1P_Dave . Okay that makes sense.
So if people have access to my device and the password - then they can see what' on my machine.
If people need to see what's stored on 1 password servers - then they need my password + secret key.
I usually have a copy of the secret key in the emergency kit document. Do we have any recommendations for software that can encrypt the data stored on mac? Op Sec is hard work :), I just want to make sure I have enough measures in place.
- 1P_Dave
Thanks for the reply! macOS has a built-in tool called Disk Utility which can encrypt external drives or create encrypted .DMG files: Encrypt and protect a storage device with a password in Disk Utility on Mac
If you have a personal safe then printing a copy of your Emergency Kit and storing it there is also a popular choice.
-Dave
