Encrypted at rest when locked?

Moderator

2 years ago

Hello @maldroid! 👋

That's a great question! When 1Password is locked on your devices, your data is encrypted at rest and requires your account password to decrypt your data and unlock 1Password. If you use biometric unlock then the secret used to decrypt your data is stored in the Trusted Platform Module (TPM) and can only be accessed by you.

As soon as 1Password is locked, whether by restarting your device or having auto-lock get triggered, all vault data is encrypted until you unlock 1Password again.

This implies that there are no feasible physical or hardware-based attacks capable of extracting the encryption key.

Can you clarify a little more about the specific sort of attack that you're referring to? I would be happy to go into greater detail once I learn more.

In the meantime, you can learn more about our security design by taking a look at our white paper: https://1passwordstatic.com/files/security/1password-white-paper.pdf

-Dave

Forum Discussion

Featured discussions

November at 1Password: the Access-Trust gap, planning your estate, and an updated unlock experience

Recent discussions

High background usage on iOS 26

Recent autofill issues on Android and iPadOS

Multiple email addresses but only shows one option on AutoFill

When I open Safari on my iMac, why is there no padlock symbol on the 1Pass icon in the toolbar?

Has something changed: http:// not filling in any more?