How to handle security while traveling (and potentially losing devices)

slobizman
Community Member

I've been thinking a lot about security and access to accounts should I lose my phone (and potentially be robbed of all devices with me) while traveling in a foreign country. I have done all the right things: 2FA (with Google Authenticator) on important accounts, including Gmail and Apple; random, unique answers to security questions; etc. I've been researching what steps would be required to access accounts, particularly Google (Gmail) and Apple (iCloud), without my phone or secondary device in another country (outside the US). It's not pretty. Without my iPhone or other trusted device, I'm not going to be able to use 2FA. And if I lose my phone and still have my MacBook (not if I'm robbed), Authenticator does not work on it.

If I were without access to my accounts, some important things I do each day, work-wise, would not be able to be done, and I might have to end the travel early.

So, what to do? Switching to 2-Step Authorization (SMS) isn't helpful as I would not be able to receive the text. And SMS is not secure anyway. I'm considering turning off 2FA while on a vacation. With the random, complex, and unique-to-each-account Security Question Answers I use (stored in 1Password), no one would be able to pass a security answers test. They wouldn't get my password in the first place since they are super strong. So, what would be the problem with this method while on vacation? Please blow holes in the idea and offer any suggestions on how to otherwise handle travel and security.

Thanks.



Comments

  • AlwaysSortaCurious
    Community Member
    edited September 2017

    Some services, like Gmail, give you the ability to generate a series of one-time passwords (OTP). You could store those in 1Password as a note.

    One neat feature I tried today on Windows was setting up live.com to use two-factor authentication. I set it up on my phone again (a destroyed phone in the recent past) and then used the built-in scanner feature to scan the QR code again into 1Password's OTP feature.

    Then again, even w

  • jessyc
    1Password Alumni
    edited September 2017

    Hi @slobizman,

    This is a very good point that many people overlook, so kudos for even thinking about it.

    This should come in handy: https://support.1password.com/one-time-passwords/
    Advanced level: You could even print the QR code/backup code of each service individually and store it in a VERY secure location.
    Ninja level: Tell the person you trust the most where it is stored in case you are unable to access it (you never know, right?!)

    Finally, I'd suggest preparing your 1Password Emergency Kit.
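Why re-scanning or printing the enrollment QR code works as a backup, shown as an added example that is not part of the original posts: the QR code carries an `otpauth://` URI holding the shared TOTP secret, and any device that holds it computes the same codes (RFC 6238). The account label and issuer are constructed, and the secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample: the RFC 6238 SHA-1 test key, encoded the way an
# enrollment QR code would carry it. Never a real account secret.
RFC_TEST_KEY = b"12345678901234567890"
ENROLLMENT_URI = (
    "otpauth://totp/Example:traveler@example.com?secret="
    + base64.b32encode(RFC_TEST_KEY).decode()
    + "&issuer=Example&digits=6&period=30"
)

HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def parse_otpauth(uri):
    """Parse the otpauth://totp/ URI that a 2FA enrollment QR code encodes."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    params = parse_qs(parts.query)
    if "secret" not in params:
        raise ValueError("URI carries no shared secret")
    secret_b32 = params["secret"][0].replace(" ", "").upper()
    secret_b32 += "=" * (-len(secret_b32) % 8)  # restore stripped padding
    algorithm = params.get("algorithm", ["SHA1"])[0].upper()
    if algorithm not in HASHES:
        raise ValueError("unsupported algorithm: " + algorithm)
    return {
        "label": unquote(parts.path.lstrip("/")),
        "issuer": params.get("issuer", [""])[0],
        "key": base64.b32decode(secret_b32),
        "digits": int(params.get("digits", ["6"])[0]),
        "period": int(params.get("period", ["30"])[0]),
        "algorithm": algorithm,
    }


def totp(key, unix_time, digits=6, period=30, algorithm="SHA1"):
    """RFC 6238 code for the time step that contains unix_time."""
    counter = int(unix_time) // period
    mac = hmac.new(key, struct.pack(">Q", counter), HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def codes_from_two_devices(unix_time):
    """The lost phone and a backup enrolled from the same QR code agree."""
    lost_phone = parse_otpauth(ENROLLMENT_URI)
    backup = parse_otpauth(ENROLLMENT_URI)  # e.g. the code scanned a second time
    code = lambda d: totp(d["key"], unix_time, d["digits"], d["period"], d["algorithm"])
    return code(lost_phone), code(backup)


if __name__ == "__main__":
    print(parse_otpauth(ENROLLMENT_URI)["label"])
    print(codes_from_two_devices(59))
```

Because the secret in the QR code is everything needed to generate codes, a printed copy deserves the same protection as the authenticator device itself.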

  • slobizman
    Community Member

    @AlwaysSortaCurious:

    Yes, I have my set of one-time passwords for Google in 1pw. (I don't think Apple has any for 2FA, but I'll double check). On the Google one-time passwords, I've never used one; can I then use that to get in without my 2FA code? If so, then I can turn off 2FA at that time while out of the country.

    Also, I heard someone say you can use each one more than once. Do you know if that is true?

  • AGAlumB
    1Password Alumni

    @slobizman: First of all, I hope you're not working while you're on vacation! ;)

    In all seriousness though, AlwaysSortaCurious and jessyc have some great suggestions. I'd take it a step further and suggest leaving a copy of your Emergency Kit in a place where you could have someone you trust access it for you in case of an actual emergency. I'd consider storing multifactor "recovery codes" for important accounts with the Emergency Kit if you're not storing them in 1Password itself. But either way, you'd be able to sign into your 1Password.com account with your credentials to access everything you'd stored there. I hope this helps. Be sure to let us know if you have any other questions! :)

  • slobizman
    Community Member

    @jessyc:

    I didn't even know 1pw could do 2FA authorization codes from the Mac! Nice. I'll check it out.

    Can it do it from the iOS 1pw?

    This doesn't really help if I lose my devices out of country, but it's going to be useful to me regardless.

    And yes, I do have my Emergency Kit. :)

  • slobizman
    Community Member

    @brenty:

    Always got some work to do no matter where I am in the world, but sporadic. :)

    Good idea on giving hard copies of some security codes and such to a trusted friend.

    Wish Apple had one-time codes for 2FA users.

  • AGAlumB
    1Password Alumni

    I didn't even know 1pw could do 2FA authorization codes from the Mac! Nice. I'll check it out. Can it do it from the iOS 1pw?

    @slobizman: Yep!

    This doesn't really help if I lose my devices out of country, but it's going to be useful to me regardless.

    Totally! It's good you're thinking about this, so you can put the necessary contingencies in place...and then forget about it and enjoy your travels! :sunglasses:

    And yes, I do have my Emergency Kit. :)

    ;) :+1:

    Always got some work to do no matter where I am in the world, but sporadic. :)

    Haha I hear you! I did manage to take an actual vacation-vacation (i.e. no work) this time...but I'd be lying if I wasn't a bit relieved to get back my routine afterward. :lol:

    Good idea on giving hard copies of some security codes and such to a trusted friend.

    Glad if that helps! It's good to have options. :chuffed:

    Wish Apple had one-time codes for 2FA users.

    They don't offer a "recovery code" option as some services do, but they do have a pretty decent recovery option (with a failsafe against attackers trying to trigger this). Definitely worth checking out. Cheers! :)

  • danco
    Volunteer Moderator

    It could be worth writing down your 1PW account key and keeping that in your wallet or belongings or elsewhere on your person. Your Master Password is presumably in your memory (as would be the login address on 1password.com), so the only further item you need is the Account Key, which you aren't likely to memorise.

    Obviously there is a certain lack of security in this, but realistically it is extremely small, since it would not be clear what it was the key to, and the other information would not be revealed.

  • beyer
    1Password Alumni

    I completely agree with @danco. If all the devices you use 1Password on are stolen, lost, or damaged, having a hard copy of your Secret Key in your wallet could be extremely beneficial. Many people have photos of their important documents, like passports, visa, etc. which can be extremely helpful.

    To help make your Secret Key a little less recognizable, you could strip the version number A3 and the dashes. Then, when entering your Secret Key from hard copy, you'll need your version number, but the dashes aren't required.

    If you're like me and carry a YubiKey, you could also store your Secret Key on it as a static password. I find this slightly easier than paper and I figure I'm more likely to get my wallet mugged than my keys. Especially after they see my 15-year-old Prius, no one wants to steal that. :tongue:

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • wavesound
    Community Member

    Hi 1Password,

    I'd like to ask, has your answer to this question changed in the last year and a half?

  • Reading the above responses I can't think of anything off hand I'd recommend different, @wavesound. :)

    Ben

  • wavesound
    Community Member
    edited July 2019

    I'd like to get your feedback on the following scenario:

    A 1Password.com account user is traveling alone in a foreign country and they are robbed. Their only 1Password device, their wallet, passport and luggage is stolen. Consequently, they don't have any usernames/passwords, no banking information, no phone numbers, no credit card numbers because they are locked up in their 1Password.com account. How can they recover their account without the 1Password Secret Key?

    They cannot buy anything, call anyone, cancel their cards, access their accounts, etc.

    This scenario does happen to travelers including clients of ours and I think it highlights a design limitation with your service. Carrying a copy of your "Secret Key" is not an acceptable workaround because that would likely also be stolen. "Security by obscurity" is a completely unacceptable suggestion for keeping secret keys in plain-text for our clients and the recovery mechanism cannot involve other people so phone calls are out of the question.

    Other products that our customers use do not require this and although I understand the intent of the "Secret Key", the way you have implemented it complicates the fundamental human limitations that 1Password was meant to address. As your name implies, I should only have to remember one password not two.

    It seems like if you use the 1Password.com service...it should be called 2Password since you need two credentials to access your data. Am I missing something in this analysis?

  • AGAlumB
    1Password Alumni

    A 1Password.com account user is traveling alone in a foreign country and they are robbed. Their only 1Password device, their wallet, passport and luggage is stolen. Consequently, they don't have any usernames/passwords, no banking information, no phone numbers, no credit card numbers because they are locked up in their 1Password.com account. How can they recover their account without the 1Password Secret Key?

    @wavesound: They can't. It's entirely up to you how you plan for that sort of contingency, but personally I leave a copy of my Emergency Kit with someone I trust. Whether I end up needing to call them to get it myself or they need it if something happens to me, it's covered.

    Other products that our customers use do not require this and although I understand the intent of the "Secret Key", the way you have implemented it complicates the fundamental human limitations that 1Password was meant to address. As your name implies, I should only have to remember one password not two.

    Without knowing what we're talking about I can't really speak to specifics, but it is the case that 1Password is more secure than most products, and a big part of that is because of 1Password's design, using 2KSD to protect against attacks against us. More on what that means below.

    It seems like if you use the 1Password.com service...it should be called 2Password since you need two credentials to access your data. Am I missing something in this analysis?

    As I'm sure you're aware it's not uncommon at all for services to be compromised and for attackers to steal, and sell, customer data, etc. Many web services especially store users' passwords, payment information, and many other sensitive details. Heck, that's the stuff each of us saves in 1Password! The difference is that what's on our server is an encrypted blob, and we literally never have the "keys" to decrypt it: the Master Password is chosen by the user, the Secret Key is generated locally on their device during signup, and neither are ever transmitted to us. That may seem academic, but it's really important because using both to encrypt the data means both are required to decrypt it. We don't have them. But users don't always pick the best passwords. And if the data is only encrypted using the Master Password, and an attacker steals the encrypted database from us, the attacker can perform a brute force attack against the user's Master Password. But because the (128-bit, randomly-generated) Secret Key is also needed, that becomes infeasible.

    I get that it would be more convenient to not have the Secret Key at all, but it would also make us, and therefore all 1Password users, a more appealing target, because if one attacker was able to steal the database from us, they could take all the time they need to guess people's Master Passwords. The Secret Key all but eliminates that attack vector.

    But, perhaps more practically, almost no one ever needs to know and/or enter their Secret Key. It is only required the first time when setting up a device, and if any other devices are already using the account, it can be viewed there anyway, without having to have it printed or written down somewhere else (though it's good to do that in case you do lose devices, etc.)

    I know this is a lot to take in, but hopefully this helps tie everything together better. And if you have any other questions, be sure to let me know. Happy to answer them. :)
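The reasoning in the post above, as an added example (not 1Password's code): a simplified sketch of deriving a vault key from both a password and a 128-bit random secret, compared with a password-only derivation. The XOR combination step, the iteration count, the salt, the wordlist and the `seal_tag` stand-in for an encrypted vault are all assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 20_000  # kept low so the sketch runs quickly; not a recommendation


def stretch_password(password, salt):
    """Slow, salted stretch of the user-chosen password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)


def expand_secret_key(secret_key, salt):
    """HKDF (RFC 5869) extract plus one expand block over the random secret."""
    prk = hmac.new(salt, secret_key, hashlib.sha256).digest()
    return hmac.new(prk, b"vault-key\x01", hashlib.sha256).digest()


def derive_password_only(password, salt, secret_key=None):
    """Vault key that depends on the password alone."""
    return stretch_password(password, salt)


def derive_two_secret(password, salt, secret_key):
    """Vault key that depends on BOTH the password and the device-held secret."""
    a = stretch_password(password, salt)
    b = expand_secret_key(secret_key, salt)
    return bytes(x ^ y for x, y in zip(a, b))


def seal_tag(key):
    """Stand-in for the authentication tag of an encrypted vault on the server."""
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()


def verifying_guesses(stored_tag, salt, candidates, derive, secret_key=None):
    """Return the candidate passwords that reproduce the stored tag."""
    hits = []
    for guess in candidates:
        key = derive(guess, salt, secret_key)
        if hmac.compare_digest(seal_tag(key), stored_tag):
            hits.append(guess)
    return hits


def demo():
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    password = "sunshine1"  # constructed weak Master Password
    secret_key = secrets.token_bytes(16)  # 128 bits, never leaves the user's devices
    wordlist = ["password", "letmein", "sunshine1", "qwerty123"]  # constructed

    tag_pw = seal_tag(derive_password_only(password, salt))
    tag_2s = seal_tag(derive_two_secret(password, salt, secret_key))
    return {
        # A copy of the server data alone is enough to confirm the weak password.
        "password_only_stolen": verifying_guesses(tag_pw, salt, wordlist, derive_password_only),
        # Same wordlist, correct password included, but no Secret Key: nothing verifies.
        # This is also the position of an owner who remembers only the password.
        "two_secret_stolen": verifying_guesses(tag_2s, salt, wordlist, derive_two_secret, bytes(16)),
        # The owner, holding both secrets, derives the right key.
        "two_secret_owner": verifying_guesses(tag_2s, salt, [password], derive_two_secret, secret_key),
    }


if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```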

  • wavesound
    Community Member

    @brenty,

    Thank you for your response. It's not much to take in since I am very familiar with the role that the "Secret Key" plays in protecting the 1Password.com account from data theft.

    However, based on your response, I am left to conclude that you have no work-around for this situation. If one is traveling alone overseas and their devices and belongings are stolen, their data is locked away with no hope of accessing it without being able to make a phone call or take advantage of some other arrangement to retrieve the "Secret Key" and log in using a web terminal or a new device.

    But, perhaps more practically, almost no one ever needs to know and/or enter their Secret Key. It is only required the first time when setting up a device, and if any other devices are already using the account, it can be viewed there anyway, without having to have it printed or written down somewhere else (though it's good to do that in case you do lose devices, etc.)

    That's the crux of the issue here. Most of the time you won't need the Secret Key and you'll be able to get along without. I appreciate the attention to detail designing for the worst case scenario of data theft, but in doing so, you created the threat of a customer losing access to their data and being digitally stranded with no means of recovery when they need it most without special assistance, planning or some technical savvy on their own part. I should point out that this is not a hypothetical situation, one of our customers faced this situation recently and would not have been able to reach out to an emergency contact. Thankfully they were on a standalone account syncing through iCloud.

    I expect critical software to be adaptable and flexible to accommodate the reasonable limitations of the people that use them and the more we work with 1Password.com in real environments I am becoming less convinced that 1Password.com is the right tool for everyone.

    As a technical consulting firm, 1Password works for us, but for our non-technical clients, it has been impossible to move beyond the Standalone product based on the real-world scenarios that they encounter in their lives.

  • AGAlumB
    1Password Alumni

    @wavesound: I would love to understand how a standalone vault in iCloud is more accessible than data in a 1Password account. Earlier you made the obvious joke (I think it was a joke, anyway) that "it should be called 2Password"...but to get to 1Password data in iCloud, you would need:

    • an Apple device
    • Apple ID username and password (assuming you use the same one for both the App Store and iCloud)
    • possibly two-factor authentication for the Apple ID
    • a stable internet connection to download 1Password
    • the Master Password for the vault in iCloud

    To access data in a 1Password account, you would need:

    • any device with a relatively recent web browser
    • Secret Key
    • Master Password for the account
    • possibly two-factor authentication, if you've enabled that feature

    We can probably quibble over hypothetical scenarios, but that's what I see in the real world every day.

    I don't think anyone here would claim that 1Password is "the right tool for everyone". It isn't. We do our best, but our focus is on security, and making it available to as many people as possible. But we can't accommodate every use case (nor do we want to, when it conflicts with our core values, and/or the purpose of 1Password itself).

    1Password isn't perfect, but a wide range of "non-technical" people use it successfully, and even enjoy it. So I'd be interested to pursue this with you more in detail to see what the differences might be. :)

  • AlwaysSortaCurious
    Community Member

    I'll tell you quite honestly that I don't think it is for everyone, but it does fill that need. I think almost everyone who uses Facebook well should be able to handle 1Password, but there is this human mental block that prevents a lot of those same people from being able to confidently handle email or anything else more technical than that. But where Enterprise passwords are concerned or high credentialed individuals, got to be 1Password.

  • AGAlumB
    1Password Alumni

    @AlwaysSortaCurious: You make a really good point about there potentially being perceived hurdles. Certainly something seeming intimidating can effectively make it so. I think we have work to do with making 1Password more...comfortable, for lack of a better word. Part of that, and I think with the Secret Key especially, is it's something different from what people are used to. In a direct comparison of what's involved with syncing using iCloud versus 1Password.com, the latter technically requires less...but I think it's fair to say that more people are familiar and therefore more comfortable with iCloud, because they're used to it, and because it uses a more traditional username/password model (though two-factor and other things add complications). Maybe that's similar to what wavesound is getting at.

  • wavesound
    Community Member
    edited July 2019

    @brenty,

    You’re right, I used “2Password” to make a point about this scenario.

    In this case, we don’t advise that our clients use randomly generated passwords for their Apple ID since restoring an iCloud backup from a lost device at the Apple Store requires the Apple ID to gain access to their iCloud backup and to regain access to messaging and other essential mobile communication tools and data before they can re-install 1Password. We don’t make this recommendation because it addresses a “hypothetical” situation. This actually happened to a client of ours traveling on vacation that dropped her iPhone into the ocean. She had no other devices with 1Password available to her while traveling. She had two-factor enabled on her Apple ID but Apple uses SMS-based backup that enabled her to regain access to her account.

    I don’t like SMS generally because it practically turns your cellphone carrier into an authentication provider and some carriers do this better than others, but it seems to be a necessary tool for people who can only remember a couple of passwords and provides some protection from total lockout.

    I would also take issue with your use of the word “comfortable.” We have to accommodate mechanisms/controls implemented by other vendors that your software/service relies upon. 1Password.com technically requires less, but practically requires more. Improving that is my challenge to you as an organization if you want to appeal to a broader mainstream audience beyond “techies.”

    If you only want to appeal to “techies”, I understand. All of the “Customers” on your “Customers” page are all tech companies and I’m the technical person managing my business and my family account. But I will have to consider other tools for clients that will, despite all of my efforts, lose or forget everything.

    Encryption offers a lot of protection over people’s data but it’s a two-edged sword and I’m very worried that the other edge will “cut” several of our clients by unwittingly locking themselves out of 1Password.com accounts with no recourse to regain access in situations where sharing “Secret Keys” is not possible.

  • There are always tradeoffs. Which ones will make sense are likely to vary from person to person.

    But I will have to consider other tools for clients that will, despite all of my efforts, lose or forget everything.

    There is really only so much that can be done for someone who will lose or forget everything. For such a client have you considered storing their Emergency Kit for them? Obviously this would require that they have an extreme amount of trust in you, but trusting someone is really the only alternative if they're prone to lose or forget everything. Normally I'd suggest recovery, which requires less trust, but in this situation they likely don't have access to their email either.

    We have to accommodate mechanisms/controls implemented by other vendors that your software/service relies upon. 1Password.com technically requires less, but practically requires more.

    I'm not sure I follow. In what way does it require more? Could you please elaborate?

    Ben

  • danco
    Volunteer Moderator

    One possible solution though it may be considered insecure.

    Store your secret key in the cloud using a different email address from the one you use for 1PW and a memorable (generated by 1PW as words) password for the cloud account. Even if the cloud account was broken into it's unlikely that anyone would recognise the text as a 1PW secret key (it could always be obfuscated) and anyway a thief would not know the other account details.

    It does mean a need to remember another password, though.

  • Zaka7
    Community Member

    My personal preference is having another family organiser who can recover my account, that person also has a shared vault with myself containing the log in details of both our respective email accounts to assist with recovery.

    The reality is there is no situation where either of us could start recovering an account by 'accident' or without the other knowing, due to "new sign in notifications" etc. I personally have enough trust that nothing malicious will be done by either of us, however for those with a little less trust, that could make you feel easier? as you could stop the process upon receipt of these warnings.

  • All are certainly valid thoughts for consideration. :+1:

    Ben

  • KnnNike
    Community Member

    I'll echo some of the interest in these scenarios, as that's what led me to this forum this morning. I've been a 1Password user for about a month now. Earlier this morning while on travel, I thought I had lost my cell phone. I tried to log in to 1Password at the AirBnB I am staying at, but without that secret key it was worthless. Nobody has land lines any more, so I couldn't call anyone to assist with recovery, and I couldn't even send an email to someone for assistance because my email account is 2fa protected.

    After an hour of searching, I found my phone, to my great relief. But it does beg the question...what should I have done differently in this scenario? I guess carrying a piece of paper with my secret key written down?

  • @KnnNike

    After an hour of searching, I found my phone, to my great relief. But it does beg the question...what should I have done differently in this scenario? I guess carrying a piece of paper with my secret key written down?

    I'm glad to hear you were able to locate your phone. In part I think it is important that we stress how important it is to not access any of your accounts especially 1Password from a device that isn't yours. You have no way of knowing what sort of malware might be present on such a device. As far as an official recommendation: wait until you get back to one of your devices, or purchase a new device, to access any accounts. Beyond that, yes, traveling with a copy of your Emergency Kit is probably a reasonable precaution. Let's say you really did lose your phone... when you were able to purchase a new one you'd need the Secret Key in order to set up 1Password on that.

    Ben

  • wavesound
    Community Member

    @Ben,

    There is really only so much that can be done for someone who will lose or forget everything. For such a client have you considered storing their Emergency Kit for them? Obviously this would require that they have an extreme amount of trust in you, but trusting someone is really the only alternative if they're prone to lose or forget everything. Normally I'd suggest recovery, which requires less trust, but in this situation they likely don't have access to their email either.

    I was just referring to just the Secret Key in this example.

    Your suggestion to keep the Secret Key in escrow is completely unacceptable because it creates legal liability between the client and consultant. In your own marketing materials, (https://support.1password.com/hipaa/) AgileBits' legal argument justifying your HIPAA compliance is that you have "no ability to view or decrypt patient records or any other data stored in 1Password" which protects you and yet in this very thread, you are suggesting that we should assume that responsibility and therefore that liability for our clients.

    I understand that this is a culture clash, but we operate as consultants to individuals and institutions expecting institutional-level protection and disaster recovery and it's becoming clearer and clearer, that this product has been designed for technical individuals, small businesses and their families or larger businesses by technical individuals that are willing to accept additional administrative overhead.

    I'm not sure I follow. In what way does it require more? Could you please elaborate?

    I'm talking about the real-world consequences of not having your Secret Key when all of your devices are inaccessible or lost. Referring back to the example of traveling and losing your phone. Let's say that I chose to create long random complex passwords for the 1Password service including my Apple ID. If I go to the Apple Store, I would be unable to buy or set up a new iPhone until I get my 1Password Secret Key which is a long, complex, random string of alpha-numeric of numbers and letters from a trusted third party or a digital escrow as @danco suggested. Or more simply, I wouldn't have access to my online banking, etc.

    I especially disagree with @brenty's comment:

    But, perhaps more practically, almost no one ever needs to know and/or enter their Secret Key.

    But when they don't it's a complete disaster for that paying customer of 1Password.com's service.

    To summarize, we have seen 1Password's security is becoming a liability as much as it is an asset for customers and your response is somewhat diplomatic indicating that it's the customer's responsibility to be fully aware of the security model and @KnnNike's situation is a case in point. People are not stupid, but not all of them are technical, it is not simply a matter of "educating" or making them more "comfortable." They have no interest in becoming cybersecurity experts, they just want to know that their data is protected and they can go about their lives doing what is important to them.

    I am simply asking AgileBits to acknowledge its responsibility and take a more active role in preventing customers from losing access to their data because in our experience, your current approach is inadequate for the average consumer(s) that you are targeting.

  • KnnNike
    Community Member

    @wavesound I'll take your comment a step further, because I do consider myself highly technical...I would posit that there is no "technical" way to fully ensure access to security data in a travel scenario.

    Since that mishap with my phone, I have since re-jiggered several of the passwords to my more critical accounts so that they're easier to remember without 1password, but that can mean reducing the security of those passwords. Further, even if I were to achieve security parity for my "easy to remember" passwords (a la xkcd: https://www.xkcd.com/936/), the point is moot...because the secret key is necessarily an impossible-to-remember string of letters and numbers.

    As I understand this thread, the only solutions to accessing 1password after losing your phone on travel are: (1) don't lose your phone, (2) communicate with someone who has your emergency kit [this is far more difficult than you might expect, if you've lost your phone], or (3) carry around some type of unencrypted version of your secret key [which on some level feels antithesis to 1password].

    There's no easy solutions here, but it has made me question whether or not I should go back to using Lastpass...which doesn't require the secret key on top of a master password. For me, I'm just not sure the marginal benefit of the secret key outweighs the marginal cost of lost access when I need it.

  • wavesound
    Community Member

    @KnnNike, I'm sorry that you encountered the same issue. It's a real problem and I'm worried that others will not be so lucky.

    I have been telling clients to do the same since you cannot get a new Apple device or 1Password running if you lose your phone or access to devices without that Secret Key or to keep their Secret Key in another online password manager. However, I don't like any of these workarounds because it really makes the product unusable for the average consumer.

  • AGAlumB
    1Password Alumni

    Being 128-bits randomly-generated, the security benefit of the Secret Key is not "marginal"; it's astronomical. Its purpose is to protect you against an attack against us, since otherwise, were the data encrypted using only your Master Password, it would be possible to perform a brute force attack against that. This way, the Secret Key would also need to be guessed as well. Which is why I use the word "astronomical". :lol:

    Anyway, while everyone has to decide for themselves what measures they take, based on their own personal threat model, for me, leaving a copy of my Emergency Kit with someone I trust means I can get the Secret Key from them if necessary -- if all of my devices are really lost, stolen, or destroyed simultaneously. And since I've got my Master Password in my brain, that's all I'll need from them. Cheers! :sunglasses:

  • KnnNike
    Community Member
    edited September 2019

    @brenty "leaving a copy of my Emergency Kit with someone I trust means I can get the Secret Key from them if necessary -- if all of my devices are really lost, stolen, or destroyed simultaneously"

    That's my point though...pray tell, if all of your devices are lost/stolen/destroyed, how would you get in touch with a trusted individual? Assume you don't have access to a landline (if you even remember actual phone numbers anymore)...which is a very realistic scenario in this day and age. You've lost your phone...so messaging/texting/calling is out. And you can't log in to email/Gchat/FBMessenger/etc. on a computer, because you need the password from 1password and/or a 2FA code from your device. And if you're in a different city from that person (again, highly realistic, especially with travel), you can't even go physically meet them.

    I'm not asking this to be cute...this is the scenario I am genuinely trying to figure out a solution for; it is exactly what I faced several months ago on travel. I agree that the secret key makes things more secure, but so is locking all of my passwords in a fireproof safe under my bed. My point is, extra security cannot come at the cost of not being able to access your data when you truly need it.

    Also, I am not a security expert, but are you really suggesting that any master password is susceptible to a brute force attack? I find that extremely difficult to believe, assuming you've created a master password with sufficient entropy. Lastpass does not use a secret key in combo with master password, and it sounds like you just stated that their system is completely unsafe, and that yours is the only safe one.

  • AGAlumB
    1Password Alumni

    @KnnNike: You'd better believe that I know the phone number of the person I'd call in a true emergency situation. And all of the places I travel to have telephones. If I inadvertently end up somewhere where telephones are completely unavailable, I will have bigger problems to worry about than getting login credentials out of 1Password. But that's just me. You should make whatever arrangements you feel you need to. :)

    P.S: Yes, any password is susceptible to a brute force attack. The trick is using one that is strong enough to push success of such an attack far enough into the future that you don't care. We can't count on all 1Password users using strong, unique Master Passwords though, so we prevent brute force attacks against them in the case of our server being broken into using the Secret Key.

This discussion has been closed.