Forum Discussion

New Contributor

3 years ago

Secret key visible on web page.

I understood that the Secret Key was set up on my local system and never travels to the 1Password on cloud database. So I was surprised to see that I can view it under "My Profile" in the 1Password. ...

browser extension

Former Member

3 years ago

elliotg22 Browsers have a small local storage facility, a small database where web apps can store complex and private session data beyond to what cookies do. Stuff the web server doesn't need to know. The secret key is queried and stored in this local storage when you login. It's not sent to the web server, the Javascript on the website is using that only locally.

Finally, what you see is the secret key pulled from the local store of your web browser by the website's Javascript. The web server is only serving the Javascript code, it doesn't run it. It does run locally in your browser.

Forum Discussion

Secret key visible on web page.

Featured discussions

November at 1Password: the Access-Trust gap, planning your estate, and an updated unlock experience

Recent discussions

Feature request: encrypted 1pex

Need a PDF viewer please!

Emergency access - people I trust that may ask to access my account in case of an emergency

Date format is incorrect in 1Password for iOS

How to add an android app to "Passwords" category