To protect your privacy: email us with billing or account questions instead of posting here.

1Password account login item

onodera3
onodera3
Community Member

I just signed up for a new 1Password Families account and migrated from an older version of 1Password. One thing I noticed is that it looks like a new item was automatically created and it contains my new master password and my secret key.

Am I right that this was automatically created? Or maybe I accidentally saved my password in the old app when signing up on the site. I am wondering if it is secure to have my master password stored in 1Password itself. For example someone could use it to signin to my account on the website if they happened to get access to my computer while it was unlocked. I am thinking I should delete it maybe, or maybe I'm wrong and it is secure to have it?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni

    @mysticflute - if the item is a Login item and it contains your Master Password, then it sounds like you may have saved it perhaps inadvertently when you signed into your account on the web? You can certainly remove it if it makes you uncomfortable. But in truth, if someone's already gained access to your 1Password data, presumably they've done that by figuring out (or otherwise stealing from somewhere) your Master Password, which means they already have both the Secret Key and the Master Password.

    You should never leave copies of your Secret Key or your Master Password lying around in unencrypted form digitally, or in printed-out form that can be copied, photographed, etc. But if it's the secrets to your vault, and you're storing them IN your vault...well...chances are pretty good they'll be safe there. The only thing I can think of that might be a risk is if the way someone got access to your 1Password data was by you unwisely leaving your computer open and unlocked in a public place (even such as work, if you work in an office) while you left for a while. In THAT case, the person would not have your Master Password because you would've been the one who entered it; the Master Password would be new information for them. But, um, of course it goes without saying that you should never leave your computer open and unguarded like that.

    In the last analysis, if you think this item serves no value/point for you, go ahead and delete it. If you think it will make signing into your account in a browser easier, maybe keep it -- just don't leave your computer or phone lying around, with 1Password open and unlocked. :)

This discussion has been closed.