I just noticed my 1password.com password is in 1password...

I accidentally clicked on it and I see my secret key and my password. That seems dangerous. Do people generally keep their full credentials to 1password in 1password?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • And let me be clear, I don't remember saying "yes" to adding this.

  • BenBen AWS Team

    Team Member

    Hi @envoy510,

    This sounds like one of the "starter kit" items. When you create a 1Password account 1Password will save a starter kit which includes a Login item for your 1Password.com account.

    That seems dangerous

    In what way? Just like all other items stored in your 1Password vaults this item is encrypted.

    Do people generally keep their full credentials to 1password in 1password?

    Considering this happens automatically and with every account created: yes, it is extremely common.

    And let me be clear, I don't remember saying "yes" to adding this.

    It isn't a process that is opted into. If you'd like to opt out, simply delete the starter kit item. But we generally recommend keeping it, as it is one of the ways in which you can recover your Secret Key if you lose it, which is a very real threat.

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

  • @Ben Thanks for the response. I mean dangerous in the context of my other post (Option to require master password to reveal password on some entries).

    1. Go get coffee.
    2. Forget to lock screen.
    3. Person walks up, clicks Chrome 1PW icon, types "1Pass" and reveals the info, takes pic. I'm owned. Totally.
  • BenBen AWS Team

    Team Member

    Since with that context this is essentially a continuation of our existing conversation let's keep it all in one place. :) I'd be happy to continue the conversation with you over there.

    Ben

This discussion has been closed.