I loved this post and it is very reassuring. I do have one question about a particular passage,
"With Secure Remote Password, your Master Password and Secret Key are used to generate a new key, entirely separate from the one that encrypts your data. 1Password on your device sends the 1Password server a series of puzzles. Once solved, these prove to the server that you know your Master Password and Secret Key without having to share them. (Likewise, the server has to prove to your device that it holds the data you’re asking for). These puzzles are different every time the app connects to the server so they can never be replicated by an outside observer."
While this passage addresses the 1P app, etc., I am wondering about 1Password.com. When logging into 1P.com, we are asked to enter our email address, secret key and master password. The article does not address any aspect of 1P.com, so my question is what happens to our secret key, master password and email address when we login? If 1P were in fact hacked, can this info be accessed?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided