Your Secret Key is 34 letters and numbers, separated by dashes. It’s stored on devices you’ve used to sign in to your account, and in your Emergency Kit. Only you have access to it. Your Secret Key works with your 1Password account password – which only you know – to encrypt your data and keep it safe.
Your Secret Key is:
- Yours. Everyone has their own unique Secret Key.
- Secret. Your Secret Key was created on your own device. We have no record of your Secret Key and can’t recover it.
Your Secret Key is not:
- A license key or serial number. It’s an encryption key that’s unrelated to your purchase.
- A backup code. It doesn’t let you sign in if you forget your 1Password account password.
Protect your Secret Key
No one can access your 1Password data without your Secret Key. That includes you, so make sure you’re always able to find it.
- Keep it secret. Don’t send it to us or make it public.
- Keep it safe. Save your Emergency Kit, which contains your Secret Key. Then you’ll be able to find it, even if something happens to your devices.
How your Secret Key protects you
Your Secret Key and your 1Password account password both protect your data. They’re combined to create the full encryption key that encrypts everything you store in 1Password.
Because you need to memorize your account password, it can only be so strong – about 40 bits of entropy on average. Your Secret Key doesn’t need to be memorized, so it can be much stronger. It has 128 bits of entropy, making it infeasible to guess no matter how much money or computing power an attacker has available.
These differences in entropy and memorability allow your account password and Secret Key to protect you from different kinds of threats:
- Your 1Password account password protects your data on your devices. Someone who has access to your devices or backups won’t be able to unlock 1Password without your account password, which only you know.
- Your Secret Key protects your data off your devices. Someone who attempts a brute-force attack on our servers won’t be able to decrypt your data without your Secret Key, which we never have.
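The sketch below is an added example, not 1Password's code: it shows one way two secrets can be combined into a single key, and why data that would validate a password guess is useless to someone who lacks the Secret Key. The construction (PBKDF2, HKDF, XOR), the iteration count, the input normalization and every sample value are assumptions made for illustration; the Security Design White Paper describes the real derivation.

```python
import hashlib
import hmac

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this sketch

# Constructed sample values, not real credentials.
SALT = bytes(range(16))
ACCOUNT_ID = "sample-account"
SECRET_KEY = "X0-SAMPLE-AAAAAA-BBBBB-CCCCC-DDDDD-EEEEE"  # 34 letters/numbers plus dashes
PASSWORD = "correct horse battery"


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(password, secret_key, salt=SALT, account_id=ACCOUNT_ID):
    """Combine both secrets into one 32-byte key (assumed construction)."""
    # Dash stripping and upper-casing are assumptions of this sketch.
    sk_bytes = secret_key.replace("-", "").upper().encode()
    if len(sk_bytes) != 34 or not sk_bytes.isalnum():
        raise ValueError("Secret Key must be 34 letters and numbers")
    # Slow, salted stretch for the memorized, lower-entropy password.
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    # The Secret Key is already high-entropy, so a fast keyed expansion suffices.
    sk_part = hkdf_sha256(sk_bytes, salt, account_id.encode())
    # XOR: the result can only be reproduced with both inputs.
    return bytes(a ^ b for a, b in zip(stretched, sk_part))


def password_search(verifier, candidates, secret_key):
    """Return the candidate that reproduces the verifier, or None."""
    for candidate in candidates:
        digest = hashlib.sha256(derive_key(candidate, secret_key)).digest()
        if hmac.compare_digest(digest, verifier):
            return candidate
    return None


if __name__ == "__main__":
    verifier = hashlib.sha256(derive_key(PASSWORD, SECRET_KEY)).digest()
    wordlist = ["hunter2", PASSWORD, "letmein"]
    print("with Secret Key:   ", password_search(verifier, wordlist, SECRET_KEY))
    print("without Secret Key:", password_search(verifier, wordlist, "X0-SAMPLE-" + "0" * 26))
```

With the right Secret Key the search finds the password; with any other Secret Key it returns nothing even though the correct password is in the list, so each password guess would have to be repeated for every possible Secret Key.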
Like your account password, your Secret Key is never sent to us. But because you can’t memorize your Secret Key, 1Password stores copies of it for you, so you can:
- Unlock 1Password without entering your Secret Key every time. It’s stored in the 1Password apps and browsers you’ve used to sign in to your account on 1Password.com.*
- Have peace of mind if you lose a device. Encrypted copies of your Secret Key are stored in your device backups and keychains to provide data loss protection. If you have iCloud Keychain turned on and lose your Mac, iPhone, or iPad, you can restore from a backup and unlock 1Password with just your account password. It’s the same for Android backups.
*You won’t be able to find your Secret Key in Safari unless you sign in to your 1Password account at least once every 7 days.
Your Secret Key starts with eight characters that are known to us, which we use to aid in troubleshooting. The first two characters are the version number, and the following six characters are the identifier. For example:
The Secret Key was called the “Account Key” in previous versions of 1Password, and may still be labeled that way in your Emergency Kit. They are one and the same.
To find out more about the format of the Secret Key and how it is used in encryption, check out our 1Password Security Design White Paper.