It occurred to me sometime after I’d finished my talk that I should have a single post that pulls all the elements together. So here’s a complete walkthrough from Master Password all the way to decrypted Vault Item.
If you’ve missed the first parts of the series, here’s a good starting point.
General Process First, let’s review the overall sequence of events. It’s a little complicated at the beginning, depending on which client we’re using.
Thanks for reading! I hope you’ve enjoyed this deep dive into how 1Password works.
We’ve covered a lot:
Why I even went down this path Unlocking macOS clients and the 2SKD process Unlocking Windows clients Decrypting data in the cloud-based vault system Unlocking and decrypting local vaults But there’s actually quite a bit I haven’t touched upon.
Password Strength One thing I totally skipped over was the strength of the master password.
To conclude (for now) this extensive look at 1Password, we’ll go back a little to see how local private vaults work. Initially, local vaults were all you had (though they could be synced over Dropbox and other methods). These are documented separately from the cloud based “Teams” system. Now, local vaults are basically being discouraged in favor of the cloud system.
But you can still have a mix of local and loud vaults.