1Password Memberships
1 Key security features
2 Principles
3 Account password and Secret Key
    3.1 Account password
    3.2 Secret Key
    3.3 Emergency Kit
4 A modern approach to authentication
    4.1 What we want from authentication
        4.1.1 Traditional authentication
        4.1.2 Password-Authenticated Key Exchange
        4.1.3 Making verifiers uncrackable with 2SKD
5 How vault items are secured
    5.1 Key derivation overview
    5.2 A first look at key sets
        5.2.1 Flexible, yet firm
6 How vaults are shared securely
    6.1 Getting the message (to the right people)
7 How items are shared with anyone
    7.1 Overview
    7.2 1Password client
        7.2.1 Making a share link
        7.2.2 Client’s first steps
        7.2.3 Encryption and key generation
        7.2.4 Uploading the share
        7.2.5 Sharing the share link
    7.3 Server to server
        7.3.1 Audit and status queries
    7.4 Share pickup
        7.4.1 Additional authentication
        7.4.2 Client analytics
    7.5 Caveats
8 A deeper look at keys
    8.1 Key creation
    8.2 Key derivation
        8.2.1 Deriving two keys from two secrets
        8.2.2 Preprocessing the account password
        8.2.3 Preparing the salt
        8.2.4 Slow hashing
        8.2.5 Combining with the Secret Key
        8.2.6 Deriving the authentication key
    8.3 Initial sign-up
        8.3.1 Protecting email invitations
    8.4 Enrolling a new client
    8.5 Normal unlock and sign-in
9 Unlock with a passkey or single sign-on
    9.1 Unlocking without an account password
        9.1.1 Authorization and the credential bundle
    9.2 Linked apps and browsers
    9.3 Linking other devices
    9.4 Quick on-device access with biometrics
10 Revoking access
11 Access control enforcement
    11.1 Cryptographically enforced controls
    11.2 Server-enforced controls
    11.3 Client-enforced controls
        11.3.1 Controls enforced by client policy
    11.4 Multiple layers of enforcement
12 Restoring a user’s access to a vault
    12.1 Overview of groups
    12.2 Recovery groups
    12.3 Implicit sharing
    12.4 Protecting vaults from recovery group members
    12.5 Recovery risks
    12.6 Recovery keys
        12.6.1 Recovery key generation
        12.6.2 Recovery key authentication
        12.6.3 Recovery key policies
        12.6.4 Recovery key use
        12.6.5 Recovery codes
13 Secrets Automation
    13.1 The Connect server
        13.1.1 Service account
        13.1.2 Local deployment
        13.1.3 Credential store
        13.1.4 The credentials file
        13.1.5 Encrypted credentials
        13.1.6 Verifier
        13.1.7 Interprocess key
    13.2 Bearer token
    13.3 Header
        13.3.1 Payload
        13.3.2 Signature
14 Transport security
    14.1 Data at rest
    14.2 TLS
    14.3 Our transport security
        14.3.1 Client delivery
        14.3.2 Passkey and single sign-on unlock caveats
15 Server Infrastructure
    15.1 What the server stores
    15.2 How your data is stored
Appendix
Appendix A: Beware of the leopard
    A.1 Crypto over HTTPS
        A.1.1 Crypto in the browser
    A.2 Recovery Group powers
    A.3 No public key verification
    A.4 Limited re-encryption secrecy
        A.4.1 Revocation
        A.4.2 Your mitigations
    A.5 Account password changes don’t change keysets
        A.5.1 Your mitigations
    A.6 Local client account password has control of other account passwords
        A.6.1 Mitigations
    A.7 Policy enforcement mechanisms not always clear to user
    A.8 Malicious client
    A.9 Vulnerability of server data
    A.10 Malicious processes on your devices
        A.10.1 Malicious or undesired browser components
        A.10.2 Locally exposed Secret Keys
        A.10.3 Device keys used with passkey and single sign-on unlock
    A.11 Revealing who is registered
    A.12 Use of email
Appendix B: Secure Remote Password
    B.0.1 Registration
    B.0.2 Sign-in
    B.0.3 With a strong KDF
    B.1 The math of SRP
        B.1.1 Math background
        B.1.2 Diffie-Hellman key exchange
        B.1.3 Authenticated key exchange
Appendix C: Verifying public keys
    C.1 Types of defenses
        C.1.1 Trust hierarchy
        C.1.2 User-to-user verification
    C.2 The problem remains
Bibliography
Glossary
1Password Security Design