In order to have the Secret Key function, is a subscription required?

This discussion was created from comments split from: Why not use 2 factor authentication to secure my 1Password Vault?.

Comments

  • kazooless
    Community Member

    I have been a 1Password user for several years now, purchasing it prior to the online account offerings. I'm not at all interested in paying a monthly fee though I understand the world is going to that model and it will help software companies stay profitable. With that in mind, I have a question about the secret key. Is that only in use for people with a subscription? Or will a brand new customer purchasing the latest stand-alone version also have the secret key?

    IOW: in order to have the secret key function, is a subscription required?

  • AGAlumB
    1Password Alumni

    @kazooless: Thanks for reaching out. I’m sorry for the confusion! Indeed, you will only have an account if you've signed up for a 1Password.com membership. That’s the only way you’ll have a Secret Key or Sign In URL, or be able to access your data through 1Password.com, which is a subscription service. Otherwise, you can use 1Password without an account and sync data yourself. I hope this helps. Be sure to let me know if you have any other questions! :)

  • kazooless
    Community Member

    @brenty Thank you for the reply. I'm still not 100% sure of the answer to my question. I'll preface with this: I'm a huge fan of 1P & agilebits. I absolutely love reading your educational articles and even your replies in discussions. They are always incredibly educational.

    For clarification, let's say a person signs up for an account. That same person would install the application on their computer (let's assume and stick with Mac). Using the app, they create their brand new vault, right? If that is right, then the encrypted vault locally resides on the computer. Is the local application combining the secret key with the master password to encrypt it?

    Scenario 2: A brand new user buys your Mac app from your website but doesn't buy the subscription. (Isn't creating an account for this required?). Having downloaded and installed the local app, they create a new local vault. Is this new local vault only encrypted using the master password?

    I'm sorry if you've answered this above and I've just missed it. I've read every single word of this thread. Thanks again.

  • rudy
    edited March 2018

    @kazooless,

    If in your scenario the vault they're creating is the "Primary" vault or a secondary non-1Password.com account vault, it is only protected by the master password.

    Only vaults that are created and show up in the 1Password.com 'manage vault' interface are protected by the Secret Key.

    Rudy

  • kazooless
    Community Member

    @rudy Thanks Rudy. I read through your entire white paper yesterday after posting this. It is the only white paper I can find, but it seems to be focused only on teams. Is there a paper dedicated to the stand alone?

    Last question on this topic: Is the fact the secret key is only in use with a subscription because of a technical limitation? Or is it a choice by AB to only give it to account holders?

  • Ben
    edited March 2018

    > Thanks Rudy. I read through your entire white paper yesterday after posting this. It is the only white paper I can find, but it seems to be focused only on teams. Is there a paper dedicated to the stand alone?

    There is not, but if you have specific questions we’ll do our best to answer them.

    > Last question on this topic: Is the fact the secret key is only in use with a subscription because of a technical limitation? Or is it a choice by AB to only give it to account holders?

    While Secret Keys could theoretically be implemented in standalone vaults, their purpose is to protect against a breach of our servers. Since standalone vaults do not exist on our servers, that attack vector doesn’t exist, and as such it didn’t make sense to retroactively add Secret Keys to such vaults. Doing so would’ve meant making all previous versions of 1Password incompatible with such vaults, which could be argued to do more harm than good.

    Ben
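An added illustration, not part of the thread and not 1Password's actual key derivation: a simplified model of why mixing a device-held random secret into the key makes data taken in a server breach resistant to offline master-password guessing. The function names, the check-value record format, the iteration count and the sample password and wordlist are all assumptions constructed for this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 1_000  # kept low so the demo runs fast; real KDFs use far more

def derive_key(password, salt, secret_key=None):
    """Password-only key, or that key XORed with a mask from the device-held secret."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    if secret_key is not None:
        mask = hmac.new(secret_key, salt, hashlib.sha256).digest()
        key = bytes(a ^ b for a, b in zip(key, mask))
    return key

def server_record(password, secret_key=None):
    """What a breached server would expose: a salt and a check value, never the secret key."""
    salt = secrets.token_bytes(16)
    key = derive_key(password, salt, secret_key)
    return {"salt": salt, "check": hmac.new(key, b"verify", hashlib.sha256).digest()}

def matches(record, password, secret_key=None):
    """True if the supplied secrets reproduce the record's check value."""
    key = derive_key(password, record["salt"], secret_key)
    check = hmac.new(key, b"verify", hashlib.sha256).digest()
    return hmac.compare_digest(check, record["check"])

def guess_from_stolen_record(record, candidates):
    """Offline guessing with only the stolen record: no secret key is available."""
    return next((p for p in candidates if matches(record, p)), None)

# Constructed sample data (not real credentials)
MASTER_PASSWORD = "correct horse battery"
WORDLIST = ["letmein", "hunter2", "correct horse battery"]
SECRET_KEY = secrets.token_bytes(16)  # random value that stays on the user's devices

if __name__ == "__main__":
    password_only = server_record(MASTER_PASSWORD)
    two_secret = server_record(MASTER_PASSWORD, SECRET_KEY)
    print("password-only record:", guess_from_stolen_record(password_only, WORDLIST))
    print("two-secret record:   ", guess_from_stolen_record(two_secret, WORDLIST))
    print("owner with key:      ", matches(two_secret, MASTER_PASSWORD, SECRET_KEY))
```

In this model the password-only record falls to a wordlist that contains the password, while the two-secret record does not, because the guesser would also need the random secret that the server never holds.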

This discussion has been closed.