It is used ephemerally to unlock your vaults. It isn't stored anywhere. You're really clutching at straws here.

Given a sample set of passwords derived from a secret heuristic, it could be reversed. The secret heuristic isn't completely safe either. Moreover because it lives in your brain the algorithm is inherently low entropy and the resulting passwords will be as well. Furthermore the old adage applies, don’t roll your own crypto.

Your the one that's grasping at straws and doesn't understand that 1P needs to store something in order to validate or generate your master password. The fact that this does happen, makes it less secure in comparison to not storing anything, as you can't hack something which does not exist.

> Given a sample set of passwords derived from a secret heuristic, it could be reversed. The secret heuristic isn't completely safe either.

Sure but this isn't the argument being made. As an analogy, not using any E2E is inherently less secure than using some E2E encryption, but using E2E encryption doesn't automatically mean you're more secure. Simply put, you had asked "What's the difference between a master password and a secret heuristic?" And that difference is a master password (or ways to generate it) must be stored outside your brain, and doing this is inherently less secure than not doing this.

I already told you what it needs to store and it isn’t the master password. No master password needs to be “validated” even when authenticating to 1P servers. You clearly have a fundamental misunderstanding of cryptography. Anyways this is all explained in the 1Password security whitepaper.

No I understand dual key encryption, and like I said, there is still something stored (the key as well as the passwords in the vault). What you do not understand is how this is inherently less secure than not storing anything at all.

To give you a concrete example, 1Password doesn't guarantee you from say, being compromised by a keylogger, and someone stealing your master password (never mind the key which is in fact stored). A secret heuristic doesn't necessarily face such risks. Sure that doesn't automatically mean a secret heuristic guarantees you better security, but that's not the argument.

Sure I’ll cede that storing nothing is safer. Yes an _authenticator_ is stored implicit in the MAC of the ciphertext holding the vault key, so in a way a key stretched version of the master password is validated. So with both a secret key and vault key wrapped ciphertext you can launch an offline attack.

But the keylogger or malware argument is a lazy one tbh, not only does it affect your secret heuristic as any input password is affected, basically no software can be guaranteed to be safe from malware or keylogger except maybe that running in something like a Secure Enclave or if your OS supports secure entry on certain fields (1P on Mac does this). If you’re in that position you got bigger things to worry about anyway.

But anyways it all depends on implementation as I said. 1P also supports passkey unlock eradicating the need for the master password (secret key stays), so you can still have the security you desire, particularly if you use a FIDO2 security key like a yubikey.