How is it secure if admin can reset

Hi

I thought the secret key and password were used in encryption, but it seems that if these are lost the admin can reset access and passwords in the vault can be accessed. How does this work whilst staying secure?

Comments

  • Ben AWS Team

    Team Member

    Hi @Rcon,

    This is covered on page 38 of our 1Password Security Design White Paper. If you have any questions or need clarification on any of those points please let me know.

    Ben

  • Thank you for the very quick reply. I have scanned that doc and it seems to make sense to me. It is encouraging that you have highlighted the potential weakness of social engineering in commencing a recovery process. My business has provided me with a business 1password account with recovery features as described. I have been able to set up a personal family account as a result for my personal data. As this is not on the same URL, I assume that this doesn't have a recovery process and my employer cannot maliciously reset the Secret Key or Master Password.

  • Ben AWS Team

    Team Member

    @Rcon

    1Password Families memberships do have a recovery process, but only people who are organizers on that membership would be able to initiate the recovery process:

    About family organizers in 1Password Families

    For this reason, where practical, we recommend having multiple organizers. If people from your company aren't organizers on your 1Password Families account, they wouldn't have any ability to influence the data in it. The only link between the two memberships is the billing link.

    In short:

    > and my employer cannot maliciously reset the Secret Key or Master Password.

    Correct.

    Ben

  • Thank you @Ben for this excellent and highly responsive support. You have answered all my questions and alleviated any worries I had.

  • Ben AWS Team

    Team Member

    Glad to hear it @Rcon. Happy to help. If there is anything else we can do, please don't hesitate to contact us.

    Ben

  • brenty

    Team Member
    edited March 1

    And in case it helps anyone else (from page 40),

    Recovery risks

    Recovery mechanisms are inherently weak points in maintaining the secrecy of data. Although we have worked to design ours to defend against various attacks, there are special precautions that should be taken when managing a Recovery Group or authorizing recovery.

    • Members of a Recovery Group should be adept at keeping the devices that they use secure and free of malware.

    • Members of the Recovery Group should be aware of social engineering trickery.

    • Requests for recovery should be verified independently of email. (Face to face or a phone call should be used.)

    • Recovery emails should be sent only if you have confidence in the security of the email system.

    • If there are no members of a Recovery Group, the capacity to recover data is lost to the team.

    We recommend that recovery requests be confirmed person to person, to avoid a person-in-the-middle or social engineering attack on the email correspondence. Cheers! :)
