Forum Discussion

DavidB52
New Contributor
5 months ago

Logging in with a Pass Phrase

Hello, everybody.

Brand new user here. Just purchased a Family License, to encourage my wife and kids to be more security conscious, and better organized, with their online lives.

I do all my work on a desktop computer (Windows 10); extremely rarely do I surf on a phone.

Spent some time exploring and experimented by adding information for a few accounts.

LOTS of questions.

First two (re: logging in):

The discussions talk about creating a Master Password. Does this term actually mean "Pass Phrase"? I mean, instead of using a single word or mixed-up-one-long-word, can users use an entire phrase? For example, a complete paragraph from Shakespeare, including punctuation and attribution? A quote from Plato (in Greek letters)? Can it include the French character accent grave or the German umlaut?

So far, every time I've logged in, I'm prompted for my password AND Secret Key. The Secret Key is like just a second password that is used each time I log in. So I keep it handy in a plaintext document on my desktop: copy-and-paste. But this doesn't seem very secure; like it's defeating the point of using 1Password. Am I doing something wrong? What is "best practice"?

1 Reply

  • AJCxZ0
    Silver Expert

    The (Master) Password can and should be a passphrase, since both are just a string of text. What makes a passphrase useful and comparatively more secure is that for a typed credential it is both easier to remember and longer.

    As I'm sure you know, a good passphrase cannot be a well-known phrase - not even with elite hacker substitutions or a "!" at the end.

    If you are also the kind of person who likes to test the limits of setting up credentials, then you'll know that the unspecified and silent limitations of choices are the most problematic. Forms often don't limit length to the actual length limit and almost never even try to deal properly with character sets.

    ​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​🔐 is a fifty-two character password, but probably won't work anywhere.

    The Secret Key is a second password which is typically only used when setting up access to your 1Password account for the first time on a "device". If you are frequently using it, then you are doing something wrong or highly unusual. You say "log in", but don't say to what or how.

    A plain text (unencrypted) document on your desktop isn't a great place to store a secret, but a risk assessment might conclude that the access to the document is about the same as the access to your 1Password client, or browser session, or equivalent. When used normally, it should be stored in a password manager, and a safely filed printed Emergency Kit.
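
The character-set and length pitfalls raised in the reply can be checked before committing to a passphrase. This is an added example, not part of either post and not 1Password's code: the function names, the sample strings and the 72-byte limit (the input size bcrypt reads, used here as a stand-in for any silently truncating backend) are assumptions.

```python
import unicodedata


def audit_passphrase(text, byte_limit=72):
    """Report how a passphrase looks to code that counts or stores it differently.

    byte_limit is an assumed backend limit; 72 is the number of bytes bcrypt reads.
    """
    nfc = unicodedata.normalize("NFC", text)
    nfd = unicodedata.normalize("NFD", text)
    utf8 = text.encode("utf-8")
    return {
        # What a "maximum N characters" form field usually counts.
        "code_points": len(text),
        # What a hashing backend actually receives.
        "utf8_bytes": len(utf8),
        # True when the same visible text can arrive as different bytes,
        # depending on how the keyboard or OS composes accented letters.
        "normalization_sensitive": nfc.encode("utf-8") != nfd.encode("utf-8"),
        # Format characters (category Cf, e.g. U+200B) show nothing on screen or paper.
        "invisible": sum(1 for ch in text if unicodedata.category(ch) == "Cf"),
        # Bytes a backend would drop if it keeps only the first byte_limit bytes.
        "bytes_ignored": max(0, len(utf8) - byte_limit),
    }


def same_secret(a, b, form="NFC"):
    """Compare two entries of a passphrase after normalizing both to one form."""
    return unicodedata.normalize(form, a) == unicodedata.normalize(form, b)


# Constructed samples, not real credentials.
ACCENT_COMPOSED = "voil\u00e0 le fran\u00e7ais"            # precomposed a-grave, c-cedilla
ACCENT_DECOMPOSED = unicodedata.normalize("NFD", ACCENT_COMPOSED)  # letter + combining mark
INVISIBLE = "\u200b" * 51 + "\U0001F510"                   # 51 zero-width spaces + lock emoji

if __name__ == "__main__":
    for label, sample in [("composed", ACCENT_COMPOSED),
                          ("decomposed", ACCENT_DECOMPOSED),
                          ("invisible", INVISIBLE)]:
        print(label, audit_passphrase(sample))
    print("raw strings equal:", ACCENT_COMPOSED == ACCENT_DECOMPOSED)
    print("equal after NFC:", same_secret(ACCENT_COMPOSED, ACCENT_DECOMPOSED))
```

A passphrase flagged as normalization-sensitive is only safe where the service normalizes input before hashing; if that is undocumented, test a login from every device and keyboard layout you use before relying on it.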