Security and privacy

About your Secret Key

Your Secret Key keeps your 1Password account safe by adding another level of security on top of your Master Password.

Your Secret Key is 34 letters and numbers, separated by dashes. It’s stored on devices you’ve used to sign in to your account, and in your Emergency Kit. Only you have access to it. Your Secret Key works with your Master Password – which only you know – to encrypt your data and keep it safe.

Your Secret Key is:

  • Yours. Everyone has their own unique Secret Key.
  • Secret. Your Secret Key was created on your own device. We have no record of your Secret Key and can’t recover it.

Your Secret Key is not:

  • A license key or serial number. It’s an encryption key that’s unrelated to your purchase.
  • A backup code. It doesn’t let you sign in if you forget your Master Password.

Learn where to find your Secret Key.

Protect your Secret Key

No one can access your 1Password data if they don’t have your Secret Key. That includes you, so make sure you’re always able to find it:

  • Keep it secret. Don’t send it to us or make it public.
  • Keep it safe. Save your Emergency Kit, which contains your Secret Key. Then you’ll be able to find it, even if something happens to your devices.

Learn how to save and protect your Emergency Kit.

How your Secret Key protects you

Your Secret Key and your Master Password both protect your data. They’re combined to create the full encryption key that encrypts everything you store in 1Password.

Because you need to memorize your Master Password, it can only be so strong – about 40 bits of entropy on average. Your Secret Key doesn’t need to be memorized, so it can be much stronger. It has 128 bits of entropy, making it infeasible to guess no matter how much money or computing power an attacker has available.

These differences in entropy and memorability allow your Master Password and Secret Key to protect you from different kinds of threats:

  • Your Master Password protects your data on your devices. Someone who has access to your devices or backups won’t be able to unlock 1Password without your Master Password, which only you know.
  • Your Secret Key protects your data off your devices. Someone who attempts a brute-force attack on our servers won’t be able to decrypt your data without your Secret Key, which we never have.

Like your Master Password, your Secret Key is never sent to us. But because you can’t memorize your Secret Key, 1Password stores copies of it for you, so you can:

  • Unlock 1Password without entering your Secret Key every time. It’s stored in the 1Password apps and browsers you’ve used to sign in to your account on 1Password.com.
  • Have peace of mind if you lose a device. Encrypted copies of your Secret Key are stored in your device backups and keychains to provide data loss protection. If you have iCloud Drive enabled and lose your Mac, iPhone, or iPad, you can restore from a backup and unlock 1Password with just your Master Password. It’s the same for Android backups.

Learn more

The first two characters of your Secret Key are the version number (“A3”) followed by a 6‑character identifier, both of which are known to us and used to aid in troubleshooting.

The Secret Key was called the “Account Key” in previous versions of 1Password, and may still be labeled that way in your Emergency Kit. They are one and the same.

To find out more about the format of the Secret Key and how it is used in encryption, check out our 1Password Security Design White Paper  

Published: