Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Solved
Super secure items
I have, basically, access to my entire life in 1password now and it's making me a bit twitchy. Is there a way to add a second layer of passwords to some items?
I.e I would love if I could ve required to enter a second, different, password to access my bank details, credit cards, and passport. This would mean that even if my master password became know at least my most important details would still be safe.
Even better if I could set these items up to require that password on every access rather than just once per session. Some things are worth that extra layer of confirmation.
Hey dgkimpton
For this, I generally use salting with a 4-character salting key that only I know. When saving banking or highly sensitive passwords, I add these characters after 1Password auto-fills the saved password. I’ve also added a tag to identify which passwords require this salting key. This way, even if someone gains access to my 1Password account, they still won’t be able to log in due to the additional salting key.
10 Replies
- 1P_Dave
Moderator
Hello dgkimpton! 👋
Thank you for the feedback! 1Password is designed to offer the same level of encryption-backed protection for all of the items that you store in 1Password. There aren't different security levels for different items since we want all items to be protected using the same high level of security without having to require users to configure additional options. And, unlike other services that you might use, 1Password uses encryption in addition to authentication to protect your data: Authentication and encryption in the 1Password security model
Your data is protected using both your account password and Secret Key. Even if your account password was compromised, an attacker would need your Secret Key to access your account on a new device: About your Secret Key
That being said, I've filed a feature request on your behalf. Our product team will consider your request for future versions of 1Password.
-Dave
PB-50873578
I’d like to strongly support this feature request. In my opinion, 1Password needs an option to protect some “super sensitive” credentials (like banking, brokerage and rare-but-critical accounts) with an additional layer of security beyond the normal app unlock. 1Password's cloud data encryption and security won't help at all if someone unauthorized takes our smartphone (or breaks into it and tracks us live, for example, as we use the unlocked 1Password app).
In real life many people work in shared environments (coworking spaces, open-plan offices, shared home computers, etc.). If someone briefly gets access to an already-unlocked session of 1Password (or if a hacker temporarily gains remote control over a smartphone or computer), it’s bad enough that they could grab a lot of everyday passwords – but it’s catastrophic if they can immediately access all banking and financial logins as well.
If 1Password allowed us to create several “tiers” of vaults (or groups of items) with different unlock requirements and timeouts, then the most sensitive and rarely used passwords could remain protected even if the lower-sensitivity vaults were compromised. Losing one group of credentials would be a serious incident, but not an instant life disaster.
Today, a sudden complete loss of all passwords can mean a huge personal tragedy. Having one or more extra-protected vaults, requiring a separate unlock step, would significantly reduce the real-world impact of such a breach and would make 1Password much safer for people who store their entire digital life in it.
- 1P_Timothy
Community Manager
Hi ncc1071d! Thanks for writing in and sharing this detailed use case. I cannot promise such a feature will be added but I've shared your comments with our team.
If I can boil your post down, it sounds like you're concerned about someone gaining temporary access to your device while 1Password is unlocked. I understand it's not quite what you're looking for, but have you had the chance to check out our new unlock features (there's a great write up in our blog)? While it's still app wide, we've added more options to balance security and convenience when unlocking 1Password. You could, for example, set 1Password to lock after 1 minute of idle time, to unlock with your device password, and to require your full password daily. This could make it easy (for you) to get back up and running again, but help avoid any unwanted access. There are a number of different options to get granular with. I definitely get that you have a specific use case in mind and this isn't quite a match, but just wanted to mention it! Thanks again for sharing this with us.
52234697
Hi Dave,
Thanks - that matches my current understanding but I was looking for little something extra specifically for the situation when my main device (mobile) is taken whilst logged in - obviously if I've already unlocked my device and 1Password (or my master password was known) then everything is immediately compromised. Whereas, if I can protect a few really important items with an additional password layer which is only ever unlocked for a few seconds it would really reduce my risk factor during device theft. It would, admittedly, be annoying to use but for things like access to savings accounts it would be very comforting.
cheers!
Hey dgkimpton
For this, I generally use salting with a 4-character salting key that only I know. When saving banking or highly sensitive passwords, I add these characters after 1Password auto-fills the saved password. I’ve also added a tag to identify which passwords require this salting key. This way, even if someone gains access to my 1Password account, they still won’t be able to log in due to the additional salting key.This is probably the best acheivable at the moment indeed. I think I might well implement this, thanks for the suggestion!
Also consider that this could be even more secure with multiple suffixes. For example one suffix for financial sites and another for social media sites. There are many other ways to tweak this approach to further enhance security.
I think this could only work in the threat scenario you describe is if these super secure items were encrypted separately from the rest of the data. This would involve another layer of key management, export/import difficulty, recovery options, support costs, etc.
The other scenario is unauthorised access to the unlocked Vault, e.g. on the unattended desktop or mobile device during the interval before it automatically locks. This is where there might be some value to being prompted again for the master password.
One approach would be to have more than one category of Vault, with a type of Vault which can be searched, but unlocking only provides one-time access to only a single item.
This is something which would be much easier and less costly to implement than another layer of encryption (especially since I'm not doing the work).I like this idea. It’s somewhat like the iOS hidden folder. You could requires certain items to either use a biometric or a physical Fido key to access, raising the level of security for just those most important items .
