Zero-knowledge encryption


Want to give your accounts the ultimate zero-trust security? 1Password zero-knowledge encryption means that no one but you can access and decrypt your securely stored data.

What does zero-knowledge mean?

Zero-knowledge refers to techniques that allow you to prove you know certain information without revealing the information itself. It’s a clever process that lets you prove that you know something – like a password – without actually revealing it. By providing small pieces of information, you can show that you know the sum of the parts.

In the context of a password manager, zero-knowledge means 1Password never has access to the encryption keys required to read your data. In addition, you can log in and access your sensitive information without your account password itself ever being sent over the network to 1Password.

How does zero-knowledge encryption protect you?

Zero-knowledge encryption is a crucial way that software developers, including 1Password, can keep your information secure.

If the server where your data is stored also contains your encryption keys, an attacker could theoretically attack one place and seize both your information and the means to read it. That’s like buying a safe and sticking the key or combination code to the door.

Zero-knowledge encryption means that no one but you – not even the company that’s storing the data – can access and decrypt your data. This protects your information even if the server where it’s held is ever breached.

How 1Password uses zero-knowledge encryption to protect your account

1Password’s security model is designed not to rely on any single point of failure. Three things are required to decrypt your data:

  • Your account password
  • An additional encryption ingredient known as your Secret Key
  • The encrypted vault data itself

Only your encrypted vault data is stored on 1Password’s servers.

The power of the Secret Key

Only you know your account password, and your Secret Key is generated on your device during setup. The two are combined locally to encrypt your vault data and are never sent to 1Password. Because only the encrypted data in your vault lives on our servers, neither 1Password nor an attacker who manages to figure out your account password would be able to access your vaults.

As a result, even if someone steals or guesses your 1Password account password, they still can’t access your account.

Learn more about 1Password’s zero-knowledge encryption

You can learn more about zero-knowledge encryption and how it protects your sensitive information, as well as other 1Password security features aimed to keep you safe, by reading our white paper.

You can also learn more about the Secret Key, how it works, and the role it plays in our encryption model.

Try 1Password free and get zero knowledge encryption to make sure that you and only you have access to the private information stored in your password vault.