Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Solved
Super secure items
I have, basically, access to my entire life in 1password now and it's making me a bit twitchy. Is there a way to add a second layer of passwords to some items? I.e I would love if I could ve require...
Hey dgkimpton
For this, I generally use salting with a 4-character salting key that only I know. When saving banking or highly sensitive passwords, I add these characters after 1Password auto-fills the saved password. I’ve also added a tag to identify which passwords require this salting key. This way, even if someone gains access to my 1Password account, they still won’t be able to log in due to the additional salting key.
1P_Dave
Moderator
ModeratorHello dgkimpton! 👋
Thank you for the feedback! 1Password is designed to offer the same level of encryption-backed protection for all of the items that you store in 1Password. There aren't different security levels for different items since we want all items to be protected using the same high level of security without having to require users to configure additional options. And, unlike other services that you might use, 1Password uses encryption in addition to authentication to protect your data: Authentication and encryption in the 1Password security model
Your data is protected using both your account password and Secret Key. Even if your account password was compromised, an attacker would need your Secret Key to access your account on a new device: About your Secret Key
That being said, I've filed a feature request on your behalf. Our product team will consider your request for future versions of 1Password.
-Dave
PB-50873578
I’d like to strongly support this feature request. In my opinion, 1Password needs an option to protect some “super sensitive” credentials (like banking, brokerage and rare-but-critical accounts) with an additional layer of security beyond the normal app unlock. 1Password's cloud data encryption and security won't help at all if someone unauthorized takes our smartphone (or breaks into it and tracks us live, for example, as we use the unlocked 1Password app).
In real life many people work in shared environments (coworking spaces, open-plan offices, shared home computers, etc.). If someone briefly gets access to an already-unlocked session of 1Password (or if a hacker temporarily gains remote control over a smartphone or computer), it’s bad enough that they could grab a lot of everyday passwords – but it’s catastrophic if they can immediately access all banking and financial logins as well.
If 1Password allowed us to create several “tiers” of vaults (or groups of items) with different unlock requirements and timeouts, then the most sensitive and rarely used passwords could remain protected even if the lower-sensitivity vaults were compromised. Losing one group of credentials would be a serious incident, but not an instant life disaster.
Today, a sudden complete loss of all passwords can mean a huge personal tragedy. Having one or more extra-protected vaults, requiring a separate unlock step, would significantly reduce the real-world impact of such a breach and would make 1Password much safer for people who store their entire digital life in it.
- 1P_Timothy
Community Manager
Hi ncc1071d! Thanks for writing in and sharing this detailed use case. I cannot promise such a feature will be added but I've shared your comments with our team.
If I can boil your post down, it sounds like you're concerned about someone gaining temporary access to your device while 1Password is unlocked. I understand it's not quite what you're looking for, but have you had the chance to check out our new unlock features (there's a great write up in our blog)? While it's still app wide, we've added more options to balance security and convenience when unlocking 1Password. You could, for example, set 1Password to lock after 1 minute of idle time, to unlock with your device password, and to require your full password daily. This could make it easy (for you) to get back up and running again, but help avoid any unwanted access. There are a number of different options to get granular with. I definitely get that you have a specific use case in mind and this isn't quite a match, but just wanted to mention it! Thanks again for sharing this with us.
52234697
You explained it much better than I did - but, yes, that is exactly the scenario I was thinking about.
