Security and privacy

Authentication and encryption in the 1Password security model

1Password uses strong, end-to-end encryption. Authentication is used to provide our hosted services but not relied on for securing your data.

What is the difference between authentication and encryption?

Encryption transforms meaningful data into what looks like gibberish using a secret that can also be used to reverse the process. Reversing the process is called decryption.

Authentication is the process of convincing a gatekeeper that you are who you say you are, typically by proving that you know a secret.

Encryption-based systems are inherently more secure than authentication-based systems, but authentication-based systems have the benefit of being far more flexible than their counterparts.

Passwords are used for both authentication and encryption

Most people can ignore the distinction between passwords used for encryption and passwords used for authentication. They seem to behave identically: Knowing a password allows you to do something with the data that it is supposed to safeguard.

But encryption-based systems offer more than their authentication-based counterparts, and it’s worth knowing which system is used to protect your data. 1Password is based on encryption-based systems, but it also uses authentication-based systems for 1Password accounts.

The distinction can be hard to grasp partly because the terms used by encryption-based systems suggest that they are actually being used for authentication. Secrets used to encrypt and decrypt data are called “keys”, and 1Password often talks about “unlocking” a “vault”, which are useful metaphors but are far more appropriate for authentication-based systems.

Meatspace Authentication Encryption
“Password” Something you know that proves to a guard that you are authorized to enter Something you know that proves to a system that you are authorized to do stuff Something you know that is transformed into a cryptographic key
“Key” Proves to lock that it is the right key Proves to the verifier that it is the right secret Needed to transform the actual resources
“Unlock” Transform state of the lock so it grants access Transform state of the verifier so it grants access Transforms gibberish into valuable resources

Why are authentication-based systems weaker?

Authentication-based systems involve a gatekeeper that grant access to a resource after someone has convinced it that they have the authority to access that resource. These systems suffer from a number of security challenges that do not typically affect encryption-based systems such as 1Password.

Gatekeepers can act without user authentication

One inherent challenge with authentication-based systems is that the gatekeeper has the power to grant access to whatever resource it protects. The gatekeeper should only grant access in the right circumstances, but nothing guarantees that it does.

Encryption, on the other hand, uses mathematics to ensure that the only way to access the resource in a meaningful way is to use the correct encryption key.

Data is usable independent of the gatekeeper

Resources guarded by authentication-based systems may be accessible through ways that don’t involve the gatekeeper. Unless the resource is encrypted, it may be possible to remove not only the gatekeeper, but also the gates that it is supposed to protect.

Consider setting a file on a computer’s disk to only be readable to its owner. The computer’s operating system serves as a gatekeeper in this respect, and will allow only certain people to read the data in that particular file. But even if that operating system’s gatekeeping is flawless, the data is still unencrypted, which means an attacker could remove the disk and put it on a machine with a different operating system. They could then read everything on the disk regardless of its settings.

If that file or the disk on which it was saved were encrypted, using another operating system to read the disk and copying its data byte by byte gives the attacker no advantage. There is no way to transform the data into any meaningful form without using the correct decryption key.

Multiple gates, each with distinct security properties

Many authentication-based systems have a password reset mechanism that allows you to regain access to your data if you forget your password. This mechanism is another gate into your data, with its own gatekeeper, and this one may not be as careful as the gatekeeper handling normal authentication.

If it’s possible for a human being working within the organization storing your data to reset a password, that person is yet another gatekeeper, which means they have the power to grant access to your data.

Transmitted authentication secrets

The authentication process typically requires a user secret to be sent to a gatekeeper. This secret – often a password – may be vulnerable during transit because it depends on the security of the network. Encryption-based systems typically don’t involve transmitting any encryption keys or passwords.

The use of HTTPS, a more secure version of the HTTP protocol on which much of the web relies, greatly reduces the risk of a password being compromised in this way. And although there are also authentication protocols that don’t involve sending a long-term secret over a network, authentication-based systems do need to worry about the security of transmitted secrets whereas encryption-based systems often don’t.

The authentication process used in 1Password accounts does not transmit any secrets.

Why authentication-based systems are used anyway

Authentication-based systems face a number of threats that aren’t typically relevant to encryption-based systems. So why are authentication-based systems used when encryption-based systems are inherently stronger? The answer: Because a lot can be done with authentication-based systems that are very hard to do with encryption-based systems.

Password resets and data availability

Typically, if one loses the password or key used by an encryption-based system, there’s no way to recover the data. Authentication-based systems often have mechanisms through which access can be regained.

1Password accounts have an authentication aspect, but they were designed to have the security properties offered by encryption-based systems, which means accounts can only be recovered by family organizers or team administrators.

Fine-grained access control

Authentication-based systems can offer fine-grained access controls. One could decide to give Alice, Bob, and Charlie read access to some data; restrict write access to Alice and Charlie; and make it so only Alice could grant access to other people.

Many of the fine-grained access controls offered in 1Password accounts depend on an authentication-based system, but the ability to read data is based on an encryption system.

Remote access

Encryption is typically done locally, with everything on a user’s device, whereas authentication typically involves access to a remote system. Someone who wants to use their data on different devices can use an authentication-based system to access something reachable on the network, whereas encryption-based systems require the establishment of a difficult and complex sync system to work well.

1Password accounts maintain the stronger security properties of encryption systems while offering the syncing convenience of an authentication-based system.

Access revocation

It’s easy to revoke someone’s access to data with an authentication-based system. If Alice lets Bob and Charlie access some data, she could later revoke Bob’s access. This change much easier to make with an authentication-based system than it is with an encryption-based system.

Authentication-based systems are more intuitive

Most people think of data access in terms of authentication. 1Password works by encryption, yet even we at AgileBits use authentication metaphors of vaults that rely on locks and (ordinary) keys.

A quick summary

This is a quick overview of some of the features and security properties of different systems. There are many exceptions to each claim made here; do not consider the contents of this table to be absolute.

Feature Authentication Encryption
Password (hashed) stored Typically stored remotely No
Password transmitted Typically, yes No
Password sufficient for access? Yes No
Password Yes (unless two-factor) Both password and data are needed
Flexible two-factor possible Yes No
Rate limiting possible? Yes No (though slow hashing can help)
Lockout possible? Yes No
Password reset possible? Yes Not without key escrow
Administrator back door Yes (same as with reset) Not without key escrow (same as with reset)
Attack surface Large Small
User control of data Shared Full

Our choice

1Password uses the inherent security advantages of encryption-based systems over the flexibility of authentication-based systems. By using public key cryptography, 1Password accounts offer secure sharing and, through the authentication-based flexibility of servers, more flexible sync and access management.

Encryption means that 1Password does not face the kinds of threats a largely authentication-based system would face, and we have used an authentication mechanism that defends against many of the threats faced by many other systems. Most of the following statements are a direct consequence of the 1Password security model.

  1. AgileBits is only minimally involved in your use of your data. We cannot decrypt your data or collect your Master Password, Secret Key, or encryption keys.
  2. 1Password’s local security doesn’t depend on gatekeepers, which means its security can’t be undermined by subverting authentication mechanisms. Even a total failure of the authentication system used by 1Password accounts would leave the attacker with very little information of value.
  3. 1Password’s local security doesn’t depend on authentication-based systems protecting unencrypted data, which means there’s no threat based on removing non-existent gates.
  4. The 1Password apps don’t need two-factor authentication. 1Password accounts use Two Secret Key Derivation (2SKD) to make sure no one can access your data without both your Master Password and your Secret Key.
  5. No matter what happens to AgileBits as a company, you will be able to access data stored locally in the 1Password apps.

Building a stronger but less flexible security architecture means that what is going on behind the scenes can be very different than what one might imagine. It also means that we have had to work a bit harder to bring you the flexibility that you see. But it also means 1Password offers the best of both encryption- and authentication-based systems.

Published: