Forum Discussion
Super secure items
Hey dgkimpton
For this, I generally use salting with a 4-character salting key that only I know. When saving banking or highly sensitive passwords, I add these characters after 1Password auto-fills the saved password. I’ve also added a tag to identify which passwords require this salting key. This way, even if someone gains access to my 1Password account, they still won’t be able to log in due to the additional salting key.
I think this could only work in the threat scenario you describe is if these super secure items were encrypted separately from the rest of the data. This would involve another layer of key management, export/import difficulty, recovery options, support costs, etc.
The other scenario is unauthorised access to the unlocked Vault, e.g. on the unattended desktop or mobile device during the interval before it automatically locks. This is where there might be some value to being prompted again for the master password.
One approach would be to have more than one category of Vault, with a type of Vault which can be searched, but unlocking only provides one-time access to only a single item.
This is something which would be much easier and less costly to implement than another layer of encryption (especially since I'm not doing the work).
