I’m curious what you think tricky is? For instance, 1Password requires your secret key for initial login/setup on a device along with the username and password. After initial login/setup the secret key is no longer required, but you still need the password to access. I’d call that a fair trade-off. Someone would need to know my password and have unfettered access to my previously set-up device to log in, or they would need to know the secret key. The secret key is not stored by 1Password (the company). If *you* store it in 1Password and the last device is lost/broken/stolen then your account is essentially dead. You have no way to get back in.