Question about "Account Key" statements

Hi,

Long-time happy user of 1Password and signed up to the new 1Password subscription service.

Reading some of your security documentation I found the following statements a bit confusing.

https://support.1password.com/understanding-account-key/
"Like your Master Password, your Account Key is never sent over the Internet,"

https://1password.com/security/
"Only you have your Account Key and it never leaves your devices."

How can this be since:

  • Going to https://my.1password.com/signin shows me a webpage with part of my Account Key. Is this not served from your server? Or is it reading it from a local store/cookie?

  • The save your emergency kit feature contains the Account Key and is generated by your servers.

In both these examples the Account Key seems to be sent over the internet. Implying it's not only on my device but also stored on your servers.
I would be grateful if you could clarify and help me understand.
Cheers
Oliver



Comments

  • Ben AWS Team

    Team Member

    Hi Oliver,

    "In both these examples the Account Key seems to be sent over the internet. Implying it's not only on my device but also stored on your servers"

    It may seem that way, but it actually isn't. Our whitepaper goes into great detail about this:

    http://1pw.ca/whitepaper

    But the short answer is that the data decryption and generation of the emergency kit are actually done in your browser, not on our servers. :)

    Thanks!

    Ben
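
Ben's short answer above, as an added example that is not part of the original thread and is not 1Password's code: a simplified sketch in which the encryption key is derived on the client from the password plus a locally stored Account Key, so a server would only ever hold ciphertext. The derivation scheme, the function names and the sample values are assumptions made for illustration.

```javascript
// Added illustration: a simplified two-secret scheme, not 1Password's actual algorithm.
const crypto = require('crypto');

// Combine the password and the locally stored Account Key into one 32-byte key.
// Both secrets stay on the client; the salt is the only non-secret input.
function deriveKey(password, accountKey, salt) {
  const fromPassword = crypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256');
  const fromAccountKey = Buffer.from(
    crypto.hkdfSync('sha256', accountKey, salt, 'account-key', 32));
  return Buffer.from(fromPassword.map((b, i) => b ^ fromAccountKey[i]));
}

// Client side: encrypt with AES-256-GCM. The returned object is everything
// a server would store: salt, IV, ciphertext and tag, but neither secret.
function sealForServer(password, accountKey, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = deriveKey(password, accountKey, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt: salt.toString('hex'), iv: iv.toString('hex'),
           data: data.toString('hex'), tag: cipher.getAuthTag().toString('hex') };
}

// Client side again: the blob comes back from the server, while the password
// and Account Key are supplied from the device.
function openOnDevice(password, accountKey, blob) {
  const key = deriveKey(password, accountKey, Buffer.from(blob.salt, 'hex'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(blob.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(blob.tag, 'hex'));
  try {
    const plain = Buffer.concat([decipher.update(Buffer.from(blob.data, 'hex')), decipher.final()]);
    return plain.toString('utf8');
  } catch (e) {
    return null; // wrong password or wrong Account Key: the GCM tag check fails
  }
}

// Constructed sample values, not real credentials.
const PASSWORD = 'correct horse battery staple';
const ACCOUNT_KEY = 'A3-EXAMPL-E00000-CONSTRUCTED';
const blob = sealForServer(PASSWORD, ACCOUNT_KEY, 'vault item');
console.log(Object.keys(blob));                          // fields a server would hold
console.log(openOnDevice(PASSWORD, ACCOUNT_KEY, blob));  // decrypts on the device
console.log(openOnDevice(PASSWORD, 'A3-WRONG-KEY', blob));
```
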

  • Fantastic!
    Thanks for the response and I'll read the whitepaper in more detail.
    Cheers
    Oliver

  • Ben AWS Team

    Team Member

    You're most welcome. If you have any follow up questions please feel free to reach out.

    Ben

This discussion has been closed.