Not entirely true, but this is one misunderstanding that kept me from getting on board with a password manager for years.Originally Posted by davsel
Here's how 1Password.com works:
1Password generates a long key when you signup.
You need to install that key on whatever devices you wish to use 1Password on. This step can be a PITA but it's a one time deal per device and the QR code (or was it a barcode? I don't remember) that 1Password can generate of the key helps.
Here's security feature 1: That key AND your password are BOTH necessary to decrypt your information. So if someone "figures out your password" as you stated, without the key they have nothing UNLESS they also have one of your devices and/or your key as well.
Security feature 2: Your password is never send to 1Password, so even they don't have it. Your information remains encrypted until it's ON your device and then it's decrypted there using your password and key.
So no decrypted information is stored on 1Password's side nor does any decrypted information move through the network.
Downside is don't expect any "Password recovery" option from 1Password. If you forget it, you're SOL. This is a feature, not a bug, serioiusly.
Nice thing is that when you setup your 1Password account it prints out a nice sheet of paper with your key on it and space to write your password.
I have two copies of this, one in my safe deposit box and the other in the GF's safe deposit box.
So, to recap:
- If someone gets your password they can't get into your stuff.
- If someone steals one of your devices they can't get into your stuff.
- If someone gets your key they can't get into your stuff.
Only if they have the key AND your password can they access your stuff.
Use a good passowrd, something cryptic but easy to remember like "F0ur$c0r3@nd" and everything will be very, very secure and safe.
O2
Colorado AR-15 Shooters Club Discussion Forums
Welcome to the Colorado AR-15 Shooters Club Discussion Forums.
Reply With Quote
