1Password Manager

Every design decision in 1Password begins with the safety and privacy of your data in mind. It takes a combination of policy, innovative thinking, and a deep respect for your right to privacy. The information you store in 1Password is encrypted, and can only be accessed from a device you’ve already approved. And, as we can’t see the information you store in 1Password, we aren’t capable of giving it away, showing it to anyone, or using it for advertising. Your data is yours, and only you have the keys to unlock it. Encrypted Once. Twice. Thrice. Our security recipe starts with AES-256 bit encryption and uses multiple techniques to protect your data at rest and in transit.

• Master Password. Not just the password you use to unlock your vault, it also plays a key role in encryption. Only you know your Master Password.
• Secret Key. Also a star player in key derivation, this unique 128-bit identifier is generated locally. Only you have your Secret Key.
• Secure Remote Password. A zero knowledge protocol that encrypts all traffic over the network. It also verifies the authenticity of the remote server before sending your information over TLS/SSL.

Secret Key: Better than Two Factor. Security professionals recommend using multiple authentication factors: “something you know”, like your password, and “something you have”, like an authenticator app on your phone. The Secret Key takes this idea to the next level. It doesn’t just authenticate you with our servers; it also plays a direct role in encrypting your data. That’s important, because it strengthens your Master Password exponentially. And since it never gets sent to us, your Secret Key can’t be reset, intercepted, or evaded. Trusted. Fast. Performant. Safe. 1Password is built with modern, open source libraries and industry-proven solutions. So you get lightning-fast performance, a technology stack you can trust, and top-notch reliability. 1Password runs on Amazon Web Services, the largest and most secure infrastructure provider on the planet. WebCrypto: Setting New Standards 1Password is the first and only password manager to use WebCrypto, the next generation standard from the W3C. WebCrypto provides direct access to the system’s secure random number generator, making truly secure cryptography possible in the browser for the first time. And did we say it’s fast? WebCrypto is over 10x faster than traditional crypto libraries, so you don’t have to wait to get first-class security. Transparent, Open Design. We document our entire encryption design so security experts from across the globe can review it. Here are just a few of the processes we document:

• Tamper-proof, authenticated encryption using AES-GCM mode
• Brute force protection using PBKDF2-HMAC-SHA256
• Secure vault sharing using asymmetric cryptography
• Key creation, derivation, and splitting techniques

We cover all these (and more) in great depth in our white paper. It’s a great read and stuffed with geeky details, illustrations, and fun stories. We highly recommend it.