Every design decision in 1Password begins with the safety and privacy of your data in mind. It takes a combination of policy, innovative thinking, and a deep respect for your right to privacy.
Every time you use 1Password, your data is encrypted before a single byte ever leaves your devices. Your encryption keys are protected by your Master Password, so only you have the keys to unlock your secrets.
Our security recipe starts with AES-256 encryption and uses multiple techniques to protect your data at rest and in transit.
Your Master Password is not just the password you use to unlock your vault; it also plays a key role in encryption. Only you know your Master Password, and it is not stored anywhere.
Your Secret Key is also a star player in key derivation. This unique 128-bit identifier is generated locally. Only you have your Secret Key, and it never leaves your devices.
A zero knowledge protocol that encrypts all traffic over the network. It also verifies the authenticity of the remote server before sending your information over TLS/SSL.
Security professionals recommend using multiple authentication factors: “something you know”, like your password, and “something you have”, like an authenticator app on your phone.
The Secret Key takes this idea to the next level. It doesn’t just authenticate you with our servers; it also plays a direct role in encrypting your data. That’s important, because it strengthens your Master Password exponentially. And since it never gets sent to us, your Secret Key can’t be reset, intercepted, or evaded.
1Password is built with modern, open source libraries and industry-proven solutions. So you get lightning-fast performance, a technology stack you can trust, and top-notch reliability.
1Password runs on Amazon Web Services, the largest and most secure infrastructure provider on the planet. Alongside great scalability and high availability, AWS also enables us to use KMS Hardware Encryption to further harden your SRP Verifier.
1Password is the first and only password manager to use WebCrypto, the next generation standard from the W3C.
WebCrypto provides direct access to the system’s secure random number generator, making truly secure cryptography possible in the browser for the first time.
And did we say it’s fast? WebCrypto is over 10x faster than traditional crypto libraries, so you don’t have to wait to get first-class security.
We believe security shouldn't be proprietary. 1Password only uses standard, documented data formats and encryption methods, so you can import and export your most important information at any time.
A potent cocktail of AES-256 encryption and PBKDF2 key derivation ensures that no one but you can see into your data. Everything from your passwords to the addresses of your saved websites is fully encrypted whenever you aren't using 1Password.
We document our entire encryption design so security experts from across the globe can review it. Here are just a few of the processes we document:
We cover all these (and more) in great depth in our white paper. It’s a great read and stuffed with geeky details, illustrations, and fun stories. We highly recommend it.