Storing Master Password and Account Key in Primary Vault
Is it considered bad practice to store my Master Password and Account Keys for my 1Password for Teams accounts (one for work, one for family) in my Primary Vault? Since my Primary Vault is only stored on my local device, it seems like that should be safe, but I want to check.
If it is safe, is it less safe if that Primary Vault is synced via iCloud?
Thanks!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@Nilonym: Safety is less of a concern than accessibility risks. After all, your 1Password data is encrypted, so where you store it is largely irrelevant, provided you've secured it with a long, strong, unique Master Password.
Your setup adds an additional layer which may actually make it more difficult for you to get into your own data. For example, if you forget that Master Password (or lose the vault in a disaster), you won't have access to the the rest.
I also think it's worth considering that this setup could preclude someone else being able to access your data in your absence, when you might want them to be able to do so. For this reason, we recommend printing the Emergency Kit and storing it in a secure location — perhaps in addition. That way you could include it as part of your estate planning. It's definitely worth contemplating carefully, but ultimately it's really up to you. :)
0 -
@Nilonym I wanted to also note, in addition to brenty's great post, that we encourage creating a strong Master Password and then using that for your 1Password accounts, whether that's the local vault or the Teams account. You can change your current Master Password in the 1Password app to be the same as your Teams one, or the other way around, just so you don't forget one from not using it enough. But you can also have two.
0 -
Ahhh. I'm so trained to use a unique password for every account that I didn't consider the Master Password could be the same for my local vault and Teams accounts. But since those passwords are never transmitted or stored online, it's not as much as an issue, right?
I guess I'd still store the Account Key in the local vault.
0 -
Ahhh. I'm so trained to use a unique password for every account that I didn't consider the Master Password could be the same for my local vault and Teams accounts.
@Nilonym: Indeed, "it's the beginning of a new and excitingly different story" for all of us! But I think that it's important to keep in mind that for most people there won't be separate "local" and "Teams/Families" vaults (and therefore Master Passwords); rather, most people will go with one or the other.
But since those passwords are never transmitted or stored online, it's not as much as an issue, right?
Exactly. And also keep in mind that ultimately you'll have a single Master Password to unlock the app on each device anyway, so from that standpoint it will be transparent anyway.
I guess I'd still store the Account Key in the local vault.
That's entirely up to you. The most important thing is that it be kept safe and secure, and that's one way of doing it. Cheers! :)
0 -
Thanks for all the great info. One more question: If I only had my two Team accounts, and no Primary Vault, what would I use as the Master Password to unlock the app?
0 -
Thanks for all the great info. One more question: If I only had my two Team accounts, and no Primary Vault, what would I use as the Master Password to unlock the app?
@Nilonym: You're welcome! And, wow — another great one! I'm glad you asked. Much like with creating a primary vault, the app will use the Master Password of whichever vault/account you setup first.
I want to note that this currently applies to only 1Password for Mac (though it will come to other platforms as well). When you initially setup 1Password for Mac (and soon iOS, and later others), if you can set it up with only a 1Password for Teams/Families account. This way, your "Personal" vault will effectively be your "primary". If you have multiple Teams/Families accounts, whichever one you setup first will be the Master Password you use for the app. I hope the helps! :pirate:
0
