I' not taking about the risk of storing all your passwords somewhere in the cloud here. I'm just trying to understand some side effects of using it. Is it correct that
- if I forget the master password then I'm doomed and can't access anything any more
- if the password storage file is corrupt or some reason (this happened to me once with an iCloud-synced file) then all my passwords are gone, too
- I won't be able to log in to anything any more using another computer (e.g. at a friend's home) because it's 1Password that knows all my password (not me any more)
Or did I miss anything and these concerns are not valid?
Hi there. Friendly neighborhood 1Password Tech Support guy here. Figure I can chime in on this. You're of course free to ignore my suggestions
1) Your data is lost if you lose your master password.
I combat this by having my master password written down on a piece of paper (along with instructional information in case I die) and put it in my safe deposit box. This serves two purposes: It's there if I forget it and it's there in case I die and someone needs access to my accounts (banking, credit cards, etc) to cancel or handle those things that happen when you die.
2) We store your data only on the device unless you specify to us to store it in the cloud. This means we keep two copies of the data. One locally on the device and one on the cloud. If the data is corrupt, it may or may not corrupt the data locally. This is why you keep backups, right?
I mean, you are backing up your important data. I hope.
Part of the above master password procedure is that I put a thumbdrive in the safe deposit box along with my keychain file. I have two thumb drives and I rotate them in and out on a bi weekly basis. So roughly every two weeks I go in, drop off an up to date backup of the thumb drive and take the out of date one with me. Repeat the cycle. The thumbdrive actually has several backups:
thumbdrive/2013/01-January/Date/1Password.agilekeychain
thumbdrive/2013/01-January/Date2/1Password.agilekeychain
thumbdrive/2013/02-February/Date/1Password.agilekeychain
So if one of the most recent backups is corrupt, I have the past 30 or so (i think, it's not a hard rule). The keychain is pretty small so having dozens of copies doesn't take up much space.
Obviously the thumbdrive contains other data, contact information exported from Contacts, SSH keys (which are actually in 1Password), and other important files that I must have access to.
Of course, I also have a local backup that I make with Time Machine (or in my real case Carbon Copy Cloner, but TM works fine). And I use Crashplan for online backup.
Cover your bases. Backup your important data. Don't wait for that time when something does go crash and boom and your data is gone. It only takes this happening once before many people jump on the backup bandwagon.
3) Use the iOS app or 1PasswordAnywhere. Both facilitate accessing your passwords remotely. That same keychain file i put on a flashdrive? Yup, it's on Dropbox as well. I can then log into my Dropbox and goto the keychain folder then 1Password.html to view my data.
Hope that helps!
----------
You do not have to. Sharing via dropbox is your choice. 1Password creates a local encrypted vault that you do not have to share.
/Jim
In the US at least, your money is protected by various laws and you can get it back if it was removed by someone other than yourself.
But, if you choose a strong master password and protect yourself properly by not installing random pieces of software that are untrusted. You should be just fine.
We all use Dropbox at AgileBits. If we didn't trust it, we wouldn't put it in the application. Use a strong master password to protect your data and you'll be fine. We never transmit that data over the internet so it is only ever at risk if someone has a keylogger installed on your device (and we have mechanisms in place to prevent that from gaining access to your typed in password as well).
If you have real specific questions regarding Cloud storage and 1Password please let me know. Again, we wouldn't put it in there if it wasn't secure.