How does 1password share password work?

287    Asked by AndreaBailey in Cyber Security , Asked on Mar 30, 2022

The password manager 1Password has a feature where multiple accounts in a group ("family") can share login information with each other.


From my understanding, a password manager is never supposed to know my passwords because they are encrypted with my master password before being sent "to the cloud".


How then can I decrypt / see the password that a family member shares with me through the Shared Vault without 1Password decrypting it?


If all passwords are encrypted with my private master password, how can it be possible that another user can decrypt it without me or the password manager knowing the master password of the other person?

Answered by Alison Kelly

A common solution for 1password share password is key encapsulation. All the shared passwords are encrypted with one randomly-generated key. Then the password manager creates a copy of that key for every user and encrypts each copy with a key derived from that user's password. When a user wants to access the shared password list, they first decrypt their copy of the shared key, and then decrypts the passwords with it.



Your Answer

Interviews

Parent Categories