Signing in to 1P account when I am away from my devices

fourwheelcycle
Community Member
edited May 2018 in Mac

I just started a 1P account trial. It says one of the benefits is that I can sign in to my account when I am away from my devices. To sign in when I am away from my established devices, I would need to go to the my.1Password.com sign in page and enter my master password and my secret key. I can remember my master password, but how can I enter my secret key? I don't want to keep an encrypted flash drive copy, or a printed copy, of my secret key with me at all times.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • fourwheelcycle
    Community Member

    Also, it appears the only reason I am able to sign in to my 1P account on my established devices w/o entering my secret key is that my secret key has been saved by AgileBits as a cookie. If I delete my cookies I can no longer sign in w/o entering my secret key. Is a cookie really a secure way to keep my secret key? Is there any way for expert hackers, or AgileBits, to access my cookies and learn my secret key? AgileBits says that hackers, or even AgileBits, cannot access my 1P account passwords in AgileBits' cloud w/o my secret key, so maintaining the security of my secret key seems to be "key" to maintaining the security of my 1P account.

    I have previously maintained all of my passwords on my own computers with my licensed version of 1P 6. I have never used any cloud syncing service. I am not a computer expert and I am new to my trial 1P account. I am trying to understand how it works, and how it is as secure, or even more secure, than my previous local-only OPVault.

  • Jacob

    Hi @fourwheelcycle! Indeed, you can sign in to 1Password.com from any computer with a modern browser. I personally keep my Secret Key in my wallet. If you have any of the devices you've signed in to 1Password with, you can find your Secret Key there.

    Also, it appears the only reason I am able to sign in to my 1P account on my established devices w/o entering my secret key is that my secret key has been saved by AgileBits as a cookie. If I delete my cookies I can no longer sign in w/o entering my secret key. Is a cookie really a secure way to keep my secret key? Is there any way for expert hackers, or AgileBits, to access my cookies and learn my secret key? AgileBits says that hackers, or even AgileBits, cannot access my 1P account passwords in AgileBits' cloud w/o my secret key, so maintaining the security of my secret key seems to be "key" to maintaining the security of my 1P account.

    Clearing your browser data will remove your Secret Key, as well as the sign-in address, email address, and other account details stored on it. If someone has access to the device you signed in to and knew what they were doing, they could get the Secret Key from it. That's why it's best to sign in to devices you trust, and if you use a public computer, click "This is a public or shared computer" when signing in.

    You don't have to sign in to your account in a browser if you don't want to, either. Taking things a bit further, there are three umbrellas of security in 1Password accounts. ☔ Before all of them is your Master Password and Secret Key. In the standalone version of 1Password, everything is protected by your Master Password and all the security wizardry in the app. But in an account, the Secret Key is used to strengthen things even further. If you have a weak password, it's very unlikely someone will be able to access your data because the Secret Key is a 128-bit string of characters that's generated locally when you set up your account. It never leaves your device, and we ask that you print it out to have a copy in case you need it later — you're probably not going to remember the whole thing. ;)

    It’s great to have a Master Password and Secret Key protect your data, but they also need to communicate with the server to access your data, so we use three layers to protect things at rest and in transit. The first layer is based on your Master Password and Secret Key, which are used to derive a secret that is used to securely encrypt all of your data, both at rest and in transit between your devices and our servers. The second layer is based on the Secure Remote Password protocol. It allows your devices and our servers to make sure they are who they say they are. This provides an additional layer of protection against attack. The third and final layer is the standard TLS/SSL protocol. This layer provides a final layer of encryption and also allows your web browser to indicate that you were communicating directly with a 1Password web server.

    Learn more about how 1Password keeps your data safe no matter where it is:

    How 1Password protects your data when you use a sync service

    Hope that helps!
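The first layer described in the reply above, where the Master Password and a locally generated 128-bit Secret Key together derive the encryption secret, sketched as an added example; it is not part of the original thread and is not 1Password's own code. The choice of PBKDF2, HKDF and an XOR combination, the iteration count, the `info` label and every sample value are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_unlock_key(master_password: str, secret_key: bytes, salt: bytes,
                      email: str, iterations: int = 100_000) -> bytes:
    """Combine a memorised password with a device-held random key.

    Assumed construction: a slow password hash XORed with a fast expansion
    of the Secret Key, so the result depends on both secrets.
    """
    account = email.lower().encode()
    # Slow half: makes each password guess expensive.
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                                  salt + account, iterations, dklen=32)
    # High-entropy half: 128 random bits that never go to the server.
    sk_part = hkdf_sha256(secret_key, salt=account, info=b"example-two-secret-kdf")
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


if __name__ == "__main__":
    # Constructed sample values, generated locally as in the account setup.
    secret_key = secrets.token_bytes(16)   # 128 bits
    salt = secrets.token_bytes(16)
    email = "user@example.com"
    real = derive_unlock_key("password1", secret_key, salt, email)

    # The weak password alone is not enough: with any other Secret Key
    # the correct password still yields an unrelated key.
    other = derive_unlock_key("password1", secrets.token_bytes(16), salt, email)
    print("same password, different Secret Key ->", real == other)  # False
    print("both secrets correct ->",
          real == derive_unlock_key("password1", secret_key, salt, email))  # True
```
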

This discussion has been closed.