[pecheny]

Sorry, I don't get it. The secret key has to be stored somewhere, right? If it's on the server, the attacker gets it together with the vault. If it's on the client, then you lose your phone → you lose your passwords, which is, while secure, very risky and I wouldn't expect it from a company focused on regular customers.

[selykg]

It’s generated locally when you create your account and not shared with 1Password. Various keys are derived from your master password and secret key.

The secret key is never sent to 1Password and is only used locally.

This is why it’s so much more secure than LastPass, and Bitwarden, and any other cloud hosted solution. I know, I just pissed off all the Bitwarden fans, but it is true.

You must save your Secret Key, but it’s also saved in Apple’s Keychain so there’s a copy there as well.

Finally, if you do lose your secret key, your account can be recovered using the Account Recovery process as long as there is someone else on your account with the appropriate permissions. If you want to know how that works, ask, but it’s sort of lengthy so I’ll skip it for now.

[PuffinBlue]

When you setup your 1password account you are provided an ‘Emergency kit’ in the form of a PDF containing this key and other info. You are supposed to save it somewhere secure or print it and place it somewhere secure.

You could save it in a local keepassXC database if you like.

This 128bit key is only saved locally, not on their servers. So contrary to you disbelief, 1Password does actually prioritise security in this manner over focusing on ‘regular customers’.

Its also fairly common to have more than one device, so you would have the key on more than one device as a result too.

[poglet]

It sounds like a public and private key pair, like in asymmetric encryption or public-key cryptography. The private key is stored on the client. The private key and users password are both required to authenticate against the public key stored the server.

An attacker would have no success with a dictionary attack (used in the article). Even if the password was in the dictionary, the private key is still missing.

[xvector]

No. It's symmetric, not asymmetric. The secret key is a 128-bit key that is effectively concatenated with the master password for master key derivation.