Forum Discussion
onlyanegg
8 days ago
New Contributor
Secret Key storage in iCloud keychain -- toggle?
Hi there, I have read through some explanations of why the Secret Key is safe to be stored in the iCloud keychain by default, but I'd really rather it just weren't. Is there any way to turn this be...
pquimo
2 days ago
New Contributor
I humbly request adding a toggle to turn this off please. I also do not want this behavior. You have lots of settings to let us choose between convenience and security, and this is a case where I want the option.
1P_Dave
Moderator
2 days ago
Your Secret Key is stored in the Apple Keychain in an encrypted form protected by Apple’s platform security architecture. Access to Keychain items is restricted by the operating system and tied to the security of the user’s device and account.
Importantly, the Keychain data alone is not sufficient to add your 1Password account to another device. Your account password is always required to decrypt your account data, and if two-factor authentication is enabled, that authentication is also required before the account can be added to a new Apple device signed in using your Apple Account.
That being said, can you tell me a little more about your concerns? I would be happy to share your feedback with our team.
-Dave
- pquimo
2 days ago
New Contributor
I'd be happy to share more about my concerns. Just for context, I am a software developer and security consultant, so I understand the tradeoffs and options reasonably well. I understand the other layers of protection in place, and that this only skips one of them and only when I authenticate my Apple account.
For me, it's a question of me being the one to make the decision. I want to decide who I trust and how much. I admit, I trust Apple far more than Google or Microsoft or probably any other massive tech company. But I trust you folks at 1Password more. I chose 1Password back in I think 2013, and have never regretted the choice. I teach online security to my friends, family and in my podcast. I enthusiastically recommend 1Password. I choose 1Password, not Apple, to trust with my passwords. You deciding to extend that trust to Apple without warning me, asking my consent, and what's worst of all, without providing an option to decline that consent, I find disappointing.
You've continued to add options that users can choose to balance between convenience and security, like the ability to unlock your vault with your device. I'm so grateful that's an option, because I will never turn it on. I just want this to be an option too, like so many others you have.
To be clear, I am not demanding this. This is not remotely a deal breaker for me, especially since there's a relatively easy workaround by disabling the Keychain syncing. But I see little downside to adding this option. Obviously I don't know the internal code of 1Password, but I know coding well enough in general to have some level of confidence in asserting that it would not be a huge work effort to add this option. Therefore, I once again humbly request you add the option to toggle this off.
Thanks for listening. The 1Password community forum is definitely one item on my (very long) list of reasons I love and promote 1Password frequently.
- 1P_Dave
21 hours ago
Moderator
Thank you for taking the time to share your feedback! And for being part of 1Password for so many years! I've shared your comment and your request with our team internally.
Just one quick note for clarity: on Apple devices, 1Password has stored certain account information (including the Secret Key) in the Keychain for a long time (including in versions that predate 1Password 8, such as 1Password 7). This isn’t a recently added feature, but part of 1Password’s long-standing design to balance convenience and security and help prevent customers from being locked out if they lose access to both 1Password and their Emergency Kit.
-Dave
CFP-19952