undefined | Better HN

0 pointsDavideNL3y ago0 comments

Note that 1Password copies the "Secret Key" to iCloud... without asking.

0 comments

Do you mean iCloud keychain? That's arguably one of the most secure cloud storage in existence.

Yes. And no, because it depends on how users setup and use their AppleID and its passwords/security/devices.

My only point is, if 1Passwords decides to share the private key with [whichever cloud service] the user should at least be notified, or get a choice.

manmal3y ago

> And no, because it depends on how users setup and use their AppleID and its passwords/security/devices.

Can you elaborate what the issue would be? I see that the AppleID password could be a weak link, but that's mostly mitigated by 2FA.

> if 1Passwords decides to share the private key

I'm not aware that they could do that. Their servers have no knowledge of either the password or secret key. Authentication happens via a zero-knowledge proof.

1 more reply

j / k navigate · click thread line to collapse

0 comments

manmal3y ago

Do you mean iCloud keychain? That's arguably one of the most secure cloud storage in existence.

DavideNLOP3y ago

Yes. And no, because it depends on how users setup and use their AppleID and its passwords/security/devices.

My only point is, if 1Passwords decides to share the private key with [whichever cloud service] the user should at least be notified, or get a choice.

manmal3y ago

> And no, because it depends on how users setup and use their AppleID and its passwords/security/devices.

Can you elaborate what the issue would be? I see that the AppleID password could be a weak link, but that's mostly mitigated by 2FA.

> if 1Passwords decides to share the private key

I'm not aware that they could do that. Their servers have no knowledge of either the password or secret key. Authentication happens via a zero-knowledge proof.

1 more reply

j / k navigate · click thread line to collapse