Forum Discussion

dragon1
Dedicated Contributor
12 hours ago
Solved

Secret Key unencrypted within browser developer settings - normal behavior?

Hi there, today I found out, when I go into my developer section of any of my browsers, that 1Password does store a lot about your account: mail-address username vault name creation...
  • 1P_Dave
    3 hours ago

    Hello dragon1! 👋

    As outlined in our Security Design White Paper, your Secret Key is stored locally on your device, with 1Password relying on operating system protections where possible (which can vary by platform). In the browser, it’s stored in local storage and typically remains there unless that storage is cleared. In both the apps and the browser, the Secret Key is locally accessible; this is intentional and consistent with 1Password’s security model.

    The Secret Key is not designed to protect your data on your device; it protects your data while stored on 1Password’s servers. On your device, your account password is what protects your data, meaning that even with local access, someone would still need your account password to decrypt and access your vaults. You can read more about the Secret Key here:

    Please also see section 10.2 Locally exposed Secret Keys in our Security Design White Paper.

    -Dave