Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 13, 2013, 07:28 PM   #1
keaide
macrumors regular
 
Join Date: Nov 2010
Risks of using 1Password?

I' not taking about the risk of storing all your passwords somewhere in the cloud here. I'm just trying to understand some side effects of using it. Is it correct that
  1. if I forget the master password then I'm doomed and can't access anything any more
  2. if the password storage file is corrupt or some reason (this happened to me once with an iCloud-synced file) then all my passwords are gone, too
  3. I won't be able to log in to anything any more using another computer (e.g. at a friend's home) because it's 1Password that knows all my password (not me any more)

Or did I miss anything and these concerns are not valid?
keaide is offline   0 Reply With Quote
Old Feb 13, 2013, 07:47 PM   #2
mon999
macrumors newbie
 
Join Date: Dec 2012
i thought of these possibilities once i started using 1password on my mac..
so:
1. i chose the same password as my primary email that i have been using for ages. i will less likely forget that one.

2. i feel safer now that i got the iphone app as well and they sync nicely.
if i lose data on one device, i always can access the other.

3. you can sync with dropbox but i'm not sure if you can actually see your password somehow.
mon999 is offline   0 Reply With Quote
Old Feb 13, 2013, 09:31 PM   #3
2012Tony2012
macrumors 6502a
 
2012Tony2012's Avatar
 
Join Date: Dec 2012
You are better off using an App that stores personal information and passwords encrypted locally, I would never trust anything in the cloud. You may wake up one morning and have $0 in all your bank acccounts.
2012Tony2012 is offline   1 Reply With Quote
Old Feb 14, 2013, 02:31 AM   #4
keaide
Thread Starter
macrumors regular
 
Join Date: Nov 2010
Quote:
Originally Posted by mon999 View Post
i thought of these possibilities once i started using 1password on my mac..
so:
2. i feel safer now that i got the iphone app as well and they sync nicely.
if i lose data on one device, i always can access the other.
Will version 4 not sync automatically via iCloud? So if the data file is corrupt, it will sync a broken one to all devices...

@2012Tony2012: That's definitely the other issue. There is actually not much compelling reason why you should trust any cloud service with your entire digital life and real-world bank accounts other than convenience.
keaide is offline   0 Reply With Quote
Old Feb 14, 2013, 02:33 AM   #5
HazyCloud
macrumors 68030
 
HazyCloud's Avatar
 
Join Date: Jun 2010
Quote:
Originally Posted by 2012Tony2012 View Post
You are better off using an App that stores personal information and passwords encrypted locally, I would never trust anything in the cloud. You may wake up one morning and have $0 in all your bank acccounts.
1Password stores your info in an encrypted file in Dropbox that even 1Password can't open without your master password.

Also 1Password stores all of your info locally unless you choose to store it on Dropbox.

Quote:
Originally Posted by keaide View Post
Will version 4 not sync automatically via iCloud? So if the data file is corrupt, it will sync a broken one to all devices...

@2012Tony2012: That's definitely the other issue. There is actually not much compelling reason why you should trust any cloud service with your entire digital life and real-world bank accounts other than convenience.
I think that even if your iCloud data was borked, 1Password would still open. It may just not grab any recently added info.
__________________
If you have a question about my post, quote me so I am notified and can easily reply to you.
HazyCloud is offline   0 Reply With Quote
Old Feb 14, 2013, 02:37 AM   #6
mon999
macrumors newbie
 
Join Date: Dec 2012
Quote:
Originally Posted by keaide View Post
Will version 4 not sync automatically via iCloud? So if the data file is corrupt, it will sync a broken one to all devices...


i don't think it does.. by default, it does not sync anything nor does it save anything online. it only saves data locally unless you tell it to do otherwise.
mon999 is offline   0 Reply With Quote
Old Feb 14, 2013, 02:38 AM   #7
flynz4
macrumors 68030
 
Join Date: Aug 2009
Location: Portland, OR
Quote:
Originally Posted by 2012Tony2012 View Post
You are better off using an App that stores personal information and passwords encrypted locally, I would never trust anything in the cloud. You may wake up one morning and have $0 in all your bank acccounts.
You do not have to. Sharing via dropbox is your choice. 1Password creates a local encrypted vault that you do not have to share.

/Jim
flynz4 is offline   0 Reply With Quote
Old Feb 14, 2013, 02:39 AM   #8
HazyCloud
macrumors 68030
 
HazyCloud's Avatar
 
Join Date: Jun 2010
Quote:
Originally Posted by mon999 View Post
Image

i don't think it does.. by default, it does not sync anything nor does it save anything online. it only saves data locally unless you tell it to do otherwise.
They're referring to the Mac version which will sync via iCloud (if it's from the MAS), but you're right, you can always turn it off and sync locally over Wi-Fi.
__________________
If you have a question about my post, quote me so I am notified and can easily reply to you.
HazyCloud is offline   0 Reply With Quote
Old Feb 14, 2013, 02:47 AM   #9
flynz4
macrumors 68030
 
Join Date: Aug 2009
Location: Portland, OR
Quote:
Originally Posted by keaide View Post
I' not taking about the risk of storing all your passwords somewhere in the cloud here. I'm just trying to understand some side effects of using it. Is it correct that
  1. if I forget the master password then I'm doomed and can't access anything any more
  2. if the password storage file is corrupt or some reason (this happened to me once with an iCloud-synced file) then all my passwords are gone, too
  3. I won't be able to log in to anything any more using another computer (e.g. at a friend's home) because it's 1Password that knows all my password (not me any more)

Or did I miss anything and these concerns are not valid?
  1. Duh... but you use it every day. Plus... my wife and I share the same master password... so if Alzheimer's kicks in... the other takes control
  2. 1Password saves daily backups... I think to a maximum of 30 by default. Plus... you do have backup right?
  3. Personally... I never use other people's computers at all. I do not want to type into their keylogger. Still... you can always get your passwords off of you iPhone, iPad, Android or whatever you have with you. 1Password optionally lets you have encrypted access via 1Password via a web browser... but I do not put my data out there. I do not need to since I never use 3rd party computers... ever.

/Jim

----------

Quote:
Originally Posted by HazyCloud View Post
They're referring to the Mac version which will sync via iCloud (if it's from the MAS), but you're right, you can always turn it off and sync locally over Wi-Fi.
I think just the new iOS version has the capability to sync via iCloud. The MAS version can sync via WiFi (manually) or via Drobpox (Automatically).

I would assume that 1Password 4 will add iCloud sync... but it will also need to sync via Dropbox since 1Password is a cross-platform application.

/Jim
flynz4 is offline   0 Reply With Quote
Old Feb 14, 2013, 03:03 AM   #10
HazyCloud
macrumors 68030
 
HazyCloud's Avatar
 
Join Date: Jun 2010
Quote:
Originally Posted by flynz4 View Post
I would assume that 1Password 4 will add iCloud sync... but it will also need to sync via Dropbox since 1Password is a cross-platform application.

/Jim
It won't have to have sync via Dropbox ever. That's totally optional. A user can just sync via Wi-Fi or via iCloud if they choose. Now if you wanted to sync it with the Windows version, sure you'd need to sync via Dropbox.
__________________
If you have a question about my post, quote me so I am notified and can easily reply to you.
HazyCloud is offline   0 Reply With Quote
Old Feb 14, 2013, 04:19 AM   #11
colshine
macrumors regular
 
Join Date: Mar 2011
Location: UK
Quote:
Originally Posted by keaide View Post
if I forget the master password then I'm doomed and can't access anything any more
If you forget you master password then you lose access to the datafile:

http://help.agilebits.com/1Password3..._password.html

I like this approach, which is why I selected 1Password.

Quote:
Originally Posted by keaide View Post
if the password storage file is corrupt or some reason (this happened to me once with an iCloud-synced file) then all my passwords are gone, too
Make sure you're creating backups:

http://help.agilebits.com/1Password3/data_backup.html

Quote:
Originally Posted by keaide View Post
I won't be able to log in to anything any more using another computer (e.g. at a friend's home) because it's 1Password that knows all my password (not me any more)
They have thought of this:

http://help.agilebits.com/1Password3...danywhere.html

EDIT: If you're using the MAS version it is a little different:

http://forum.agilebits.com/index.php...mac-app-store/

Quote:
What happened to my backups?

1Password creates a daily backup of your information in the ~/Library/Containers/com.agilebits.onepassword-osx-helper/ directory. Up to 30 backups are kept at a time. This is not currently a user-configurable option.
__________________
 2011 MBP 15 inch |  iPad 3 |  iPhone 5 |  TV 3
colshine is offline   0 Reply With Quote
Old Feb 14, 2013, 07:46 AM   #12
scarred
macrumors 6502a
 
Join Date: Jul 2011
For me, getting 1Password was step one to organizing my information. Buy 1Password, store everything in there. From passwords to passport numbers to software licenses.

Step 2. Buy a fire safe for my house. Write down my master password, and put it in there. In fact, I wrote instructions for someone to sort it all out if I'm no longer around.

Step 3. Get a backup plan in place. Time Machine to an external hard drive, and a subscription to backblaze.
scarred is offline   0 Reply With Quote
Old Feb 14, 2013, 07:52 AM   #13
colshine
macrumors regular
 
Join Date: Mar 2011
Location: UK
Quote:
Originally Posted by scarred View Post
Step 3. Get a backup plan in place. Time Machine to an external hard drive, and a subscription to backblaze.
That's a good point, have a look at Arq for what I consider a straight forward backup plan to Amazon S3.
__________________
 2011 MBP 15 inch |  iPad 3 |  iPhone 5 |  TV 3
colshine is offline   0 Reply With Quote
Old Feb 14, 2013, 09:37 AM   #14
AGKyle
macrumors regular
 
Join Date: Jun 2012
 
Quote:
Originally Posted by keaide View Post
I' not taking about the risk of storing all your passwords somewhere in the cloud here. I'm just trying to understand some side effects of using it. Is it correct that
  1. if I forget the master password then I'm doomed and can't access anything any more
  2. if the password storage file is corrupt or some reason (this happened to me once with an iCloud-synced file) then all my passwords are gone, too
  3. I won't be able to log in to anything any more using another computer (e.g. at a friend's home) because it's 1Password that knows all my password (not me any more)

Or did I miss anything and these concerns are not valid?
Hi there. Friendly neighborhood 1Password Tech Support guy here. Figure I can chime in on this. You're of course free to ignore my suggestions

1) Your data is lost if you lose your master password.

I combat this by having my master password written down on a piece of paper (along with instructional information in case I die) and put it in my safe deposit box. This serves two purposes: It's there if I forget it and it's there in case I die and someone needs access to my accounts (banking, credit cards, etc) to cancel or handle those things that happen when you die.

2) We store your data only on the device unless you specify to us to store it in the cloud. This means we keep two copies of the data. One locally on the device and one on the cloud. If the data is corrupt, it may or may not corrupt the data locally. This is why you keep backups, right? I mean, you are backing up your important data. I hope.

Part of the above master password procedure is that I put a thumbdrive in the safe deposit box along with my keychain file. I have two thumb drives and I rotate them in and out on a bi weekly basis. So roughly every two weeks I go in, drop off an up to date backup of the thumb drive and take the out of date one with me. Repeat the cycle. The thumbdrive actually has several backups:

thumbdrive/2013/01-January/Date/1Password.agilekeychain
thumbdrive/2013/01-January/Date2/1Password.agilekeychain
thumbdrive/2013/02-February/Date/1Password.agilekeychain

So if one of the most recent backups is corrupt, I have the past 30 or so (i think, it's not a hard rule). The keychain is pretty small so having dozens of copies doesn't take up much space.

Obviously the thumbdrive contains other data, contact information exported from Contacts, SSH keys (which are actually in 1Password), and other important files that I must have access to.

Of course, I also have a local backup that I make with Time Machine (or in my real case Carbon Copy Cloner, but TM works fine). And I use Crashplan for online backup.

Cover your bases. Backup your important data. Don't wait for that time when something does go crash and boom and your data is gone. It only takes this happening once before many people jump on the backup bandwagon.

3) Use the iOS app or 1PasswordAnywhere. Both facilitate accessing your passwords remotely. That same keychain file i put on a flashdrive? Yup, it's on Dropbox as well. I can then log into my Dropbox and goto the keychain folder then 1Password.html to view my data.

Hope that helps!

----------

Quote:
Originally Posted by flynz4 View Post
You do not have to. Sharing via dropbox is your choice. 1Password creates a local encrypted vault that you do not have to share.

/Jim
In the US at least, your money is protected by various laws and you can get it back if it was removed by someone other than yourself.

But, if you choose a strong master password and protect yourself properly by not installing random pieces of software that are untrusted. You should be just fine.

We all use Dropbox at AgileBits. If we didn't trust it, we wouldn't put it in the application. Use a strong master password to protect your data and you'll be fine. We never transmit that data over the internet so it is only ever at risk if someone has a keylogger installed on your device (and we have mechanisms in place to prevent that from gaining access to your typed in password as well).

If you have real specific questions regarding Cloud storage and 1Password please let me know. Again, we wouldn't put it in there if it wasn't secure.
__________________
Kyle
AgileBits - Makers of 1Password
1Password Help
Contact Us
AGKyle is offline   0 Reply With Quote
Old Feb 14, 2013, 09:45 AM   #15
Tilpots
macrumors 68040
 
Tilpots's Avatar
 
Join Date: Apr 2006
Location: Carolina Beach, NC
Quote:
Originally Posted by 2012Tony2012 View Post
You are better off using an App that stores personal information and passwords encrypted locally, I would never trust anything in the cloud. You may wake up one morning and have $0 in all your bank acccounts.
If you have a bank account, your money is in the cloud. So...


Quote:
Originally Posted by AGKyle View Post

2) We store your data only on the device unless you specify to us to store it in the cloud. This means we keep two copies of the data. One locally on the device and one on the cloud. If the data is corrupt, it may or may not corrupt the data locally. This is why you keep backups, right? I mean, you are backing up your important data. I hope.

If syncing over Dropbox, an iCloud backup would restore the local file if the Dropbox file corrupted, correct?
__________________
A tree is known by its fruit.
Tilpots is offline   0 Reply With Quote
Old Feb 14, 2013, 09:53 AM   #16
AGKyle
macrumors regular
 
Join Date: Jun 2012
 
Quote:
Originally Posted by Tilpots View Post
If syncing over Dropbox, an iCloud backup would restore the local file if the Dropbox file corrupted, correct?
This is actually beyond my knowledge of the application. So, I do apologize I'm not going to be able to provide an accurate response. I'll try to pull someone into this thread from the company that can answer it more thoroughly though.

If this won't work and you want to know more about this please email us on our support page (see my signature). Put Attention: Kyle in the subject and they'll assign it to me and I'll dig into it more and talk to the developers and our security guy who would know a lot more about this type of scenario and what will happen.
__________________
Kyle
AgileBits - Makers of 1Password
1Password Help
Contact Us

Last edited by AGKyle; Feb 18, 2013 at 10:11 AM.
AGKyle is offline   0 Reply With Quote
Old Feb 14, 2013, 12:16 PM   #17
colshine
macrumors regular
 
Join Date: Mar 2011
Location: UK
Quote:
Originally Posted by AGKyle View Post
Part of the above master password procedure is that I put a thumbdrive in the safe deposit box along with my keychain file. I have two thumb drives and I rotate them in and out on a bi weekly basis. So roughly every two weeks I go in, drop off an up to date backup of the thumb drive and take the out of date one with me. Repeat the cycle. The thumbdrive actually has several backups:

thumbdrive/2013/01-January/Date/1Password.agilekeychain
thumbdrive/2013/01-January/Date2/1Password.agilekeychain
thumbdrive/2013/02-February/Date/1Password.agilekeychain

So if one of the most recent backups is corrupt, I have the past 30 or so (i think, it's not a hard rule). The keychain is pretty small so having dozens of copies doesn't take up much space.
Due to a combination of being lazy, not enough time and the difficulty in getting hold of a safe deposit box I choose instead to create a backup to the cloud. The 1Password backup files are encrypted again locally and then uploaded to the cloud.

If something went wrong with the local file, my local backup strategy or the dropbox sync files then I would still have copies of the last 30 backups available in the cloud.
__________________
 2011 MBP 15 inch |  iPad 3 |  iPhone 5 |  TV 3
colshine is offline   0 Reply With Quote
Old Feb 15, 2013, 03:57 AM   #18
2012Tony2012
macrumors 6502a
 
2012Tony2012's Avatar
 
Join Date: Dec 2012
Quote:
Originally Posted by Tilpots View Post
If you have a bank account, your money is in the cloud. So... ..
But it's in the banks cloud, not some third party company I have no idea about.
2012Tony2012 is offline   0 Reply With Quote
Old Feb 15, 2013, 08:59 AM   #19
maflynn
Moderator
 
maflynn's Avatar
 
Join Date: May 2009
Location: Boston
Quote:
Originally Posted by 2012Tony2012 View Post
But it's in the banks cloud, not some third party company I have no idea about.
You sure about that. Banks outsource all the time, we have no idea where our financial data is stored.
__________________
~Mike Flynn
maflynn is offline   0 Reply With Quote
Old Feb 15, 2013, 09:41 AM   #20
flynz4
macrumors 68030
 
Join Date: Aug 2009
Location: Portland, OR
Quote:
Originally Posted by 2012Tony2012 View Post
But it's in the banks cloud, not some third party company I have no idea about.
Your unencrypted data is in the bank's cloud. It needs to be unencrypted... because they need to manage the data on your behalf. Hence... any security breach exposes your data.

By contrast... when you choose to sync 1Password... your encrypted data is stored on the cloud... using a key that you control and only you know. Hence... despite any security breach... you data remains safe.

/Jim
flynz4 is offline   0 Reply With Quote
Old Feb 15, 2013, 11:14 AM   #21
carlgo
macrumors 68000
 
Join Date: Dec 2006
All this is far, far too scary and nerdy. While it is surely a fine program, I stopped using it and went back to hidden notes.
carlgo is offline   0 Reply With Quote
Old Feb 15, 2013, 11:20 AM   #22
maflynn
Moderator
 
maflynn's Avatar
 
Join Date: May 2009
Location: Boston
Quote:
Originally Posted by flynz4 View Post
because they need to manage the data on your behalf.
That's not entirely true. Many current enterprise databases contain the ability to encrypt data and only the application (or user) that is authorized will decrypt the data - all very seamless and automatic (Oracle for instance can do this).

Whether the banks do this is another question, but given the laws that are on the books, I'd be surprised if banks and other financial institutions don't do this.

----------

Quote:
Originally Posted by carlgo View Post
All this is far, far too scary and nerdy. While it is surely a fine program, I stopped using it and went back to hidden notes.
Why is it scary? I find 1Password to be safe and stable to project my data.

I use FileVault, and so the data only drive is encrypted and so is my 1Password datafile. If people do not want to risk having their 1Password data file exposed in dropbox then they don't need too.
__________________
~Mike Flynn
maflynn is offline   0 Reply With Quote
Old Feb 15, 2013, 12:16 PM   #23
pitaya
macrumors member
 
Join Date: Jun 2012
Quote:
Originally Posted by AGKyle View Post
3) Use the iOS app or 1PasswordAnywhere. Both facilitate accessing your passwords remotely. That same keychain file i put on a flashdrive? Yup, it's on Dropbox as well. I can then log into my Dropbox and goto the keychain folder then 1Password.html to view my data.
would you mind commenting on the security implications when using 1PasswordAnywhere? Most of the 1password contents are encrypted, but 1Password.html and other stuff isn't. Is there anything in place to mitigate the chance of those being modified? Maybe published gpg signatures, or a list of checksums?

Thanks!
pitaya is offline   0 Reply With Quote
Old Feb 15, 2013, 02:39 PM   #24
2012Tony2012
macrumors 6502a
 
2012Tony2012's Avatar
 
Join Date: Dec 2012
Quote:
Originally Posted by maflynn View Post
You sure about that. Banks outsource all the time, we have no idea where our financial data is stored.
Fair and valid point.

----------

Quote:
Originally Posted by flynz4 View Post
Your unencrypted data is in the bank's cloud. It needs to be unencrypted... because they need to manage the data on your behalf. Hence... any security breach exposes your data.

By contrast... when you choose to sync 1Password... your encrypted data is stored on the cloud... using a key that you control and only you know. Hence... despite any security breach... you data remains safe.

/Jim
I do feel more safe and peace of mind using MoxierWallet as my data is encrypted locally on my hard drive only and not in the cloud.
2012Tony2012 is offline   0 Reply With Quote
Old Feb 15, 2013, 04:06 PM   #25
colshine
macrumors regular
 
Join Date: Mar 2011
Location: UK
Quote:
Originally Posted by 2012Tony2012 View Post

I do feel more safe and peace of mind using MoxierWallet as my data is encrypted locally on my hard drive only and not in the cloud.
1Password encrypts the contents locally before syncing to the cloud. I would never have used 1Password unless I thought they took security seriously.
__________________
 2011 MBP 15 inch |  iPad 3 |  iPhone 5 |  TV 3
colshine is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
1Password for Mac Gets Updated with 30 New Features, 1Password Mini Item Editing MacRumors Mac Blog Discussion 248 May 25, 2014 01:03 PM
Apple TV: Selling Apple TV 2 - any risks? n1ck Jailbreaks and iOS Hacks 2 Oct 7, 2013 03:13 PM
Employer installed a profile on my phone - risks? italianplaya iPhone 25 Sep 30, 2013 10:01 AM
Refurb Risks? MacZak MacBook Pro 18 May 28, 2013 09:53 PM
How easy is it to put an SSD into an iMac and what are the risks? gusping iMac 9 Nov 13, 2012 09:52 PM

Forum Jump

All times are GMT -5. The time now is 08:06 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC