This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Dropbox master password security

jimbobuk
jimbobuk Junior Member
(resolved in 3.5.4)

I just updated to the latest version of 1Password and set up the Dropbox syncing.. all seems to be working ok.



As I set up the Dropbox syncing I am sure that I told 1Password NOT to remember my Dropbox password for me. My master password is the same on the device as it is on my Mac. I think I remember reading somewhere that if your master password matched between the device and Mac it would automatically use the same password when accessing the Dropbox files.



This is all great. However I've just noticed that there is a show password button under the dropbox settings.. now as I told 1Password to NOT remember this I was expecting it to be blank.



However within it is my 1password.



More worrying, I presumed this kind of information would require me to unlock with my Master Password in the app. This is not the case.. log in with my short keycode, navigate to the Dropbox account details and select the button.. tada, there's my 1Password... This is not really what I want.. I want that password to be as hidden as possible, not unlockable with a 4 digit pin number!!!!!



Surely something has gone wrong here?



Thanks for your help.



Cheers



Jim

Comments

  • jpgoldberg
    jpgoldberg Agile Customer Care
    [quote name='jimbobuk' timestamp='1281394014' post='8072']

    As i setup the dropbox syncing I am sure that I told 1Password NOT to remember my dropbox password for me. My master password is the same on the device as it is on my mac. I think i remember reading that somewhere if your master password matched between the device and mac that it would automatically use the same password when accessing the dropbox files.[/quote]



    Hi Jim!



    The automatically using the same password was only for wifi sync between 1Password on iOS and 1Password on Mac where we have full control over both ends of the communication. The situation to ensure secure syncing via dropbox is a bit different.



    We still ensure that your data is only unencrypted on your local device when you want it to be and that no third party (that includes Dropbox or us) ever gets hold of your master password.



    [quote]

    This is all great. However I've just noticed that there is a show password button under the dropbox settings.. now as I told 1Password to NOT remember this I was expecting it to be blank.[/quote]



    You were prompted whether 1Password should store your device master password on your phone (needed for automatic syncing). You were not prompted about storing this master password (which in your case happens to be the same).



    [quote]

    More worrying, I presumed this kind of information would require me to unlock with my Master Password in the app. This is not the case.. login with my short keycode, navigate to the dropbox account details and select the button.. tada, there's my 1Password...[/quote]



    I've just tested what you describe and confirmed this. I consider this a design error and will bring this to Roustem's attention immediately. You are correct that this should not be visible with just the unlock code.



    [quote]

    This is not really what i want.. I want that password to be as hidden as possible, not unlockable with a 4 digit pin number!!!!!

    [/quote]



    I fully agree with you. I'm filing a bug report now. Thank you for noticing this and letting us know about it.



    Please continue to let us know of any problems, particularly ones like this.



    Cheers,



    -j
  • jimbobuk
    jimbobuk Junior Member
    Thanks for your help.. I look forward to this insecurity being fixed. In the meantime, can I delete this password in that option and re-add it every time I want to sync via Dropbox?



    I'd really like it if actual Dropbox syncing was only done with the master password entered.. It looks like this should be the case, but I'm sure earlier via multitasking it didn't prompt me for the password when I thought it should. It then just said couldn't find any files on Dropbox... fully quitting and relaunching it did seem to fix this.



    I'd certainly appreciate it if all full actions required me to enter my master password. I'd also like it if perhaps the show password option was able to be disabled fully. To enable it you have to be master password authenticated... just so that it is really hard to access this 1Password. It's your name after all and I think it's the right mantra for the project.. I can't imagine having multiple master passwords for different devices.



    Cheers
  • What concerns me here is that my master password is clearly being stored on the device somewhere. Presumably in the keychain, but still. I'd like to avoid storing that password anywhere since I use it to secure important stuff like all of my other passwords. Could you guys please give us an option to store nothing but the Dropbox password? (And I think this is how it currently works but don't have an option to show the Dropbox password, except as a database entry if the user has put it there.) That would fix all the major problems I have with the app.



    I'm also going to go on a huge tangent here and say that I think having the option of different master passwords for the mobile and desktop versions is confusing. It would be a lot easier if every 1Password database had two passwords, period: the master password and the less secure 4-digit passcode. Upon launching the mobile app, users could create a new local database or unlock an existing database with an existing password. The existing database could be pulled from Dropbox or other supported sync providers. The existing wi-fi sync could be replaced with either the new iOS file sync feature (which would admittedly require a wired connection to iTunes) or a new wi-fi sync that just transferred the locked database file. Obviously this stuff would require a lot of work to implement relative to the stuff in paragraph 1, but I think it would make the sync process a lot easier to understand from a user perspective.
  • jpgoldberg
    jpgoldberg Agile Customer Care
    edited October 2010
    Hi,



    I know this thread has been inactive for a while. We have fixed this particular bug a while back and the fix will definitely be included in our next update. (Sorry, no ETA on when the next update will be released.)



    Sorry for not getting this discussion updated earlier.



    Cheers,



    -j
  • jpgoldberg
    jpgoldberg Agile Customer Care
    edited October 2010
    [quote name='Blah' timestamp='1281828049' post='8773']

    What concerns me here is that my master password is clearly being stored on the device somewhere. Presumably in the keychain, but still. I'd like to avoid storing that password anywhere since I use it to secure important stuff like all of my other passwords.[/quote]



    Hi Blah,



    I'm sorry for having lost track of this discussion. But we have a belated answer for you in a document that does discuss how things are stored and why we think that these are safe.



    http://help.agile.ws/1Password_touch/how_secure_is_syncing.html





    [quote]Could you guys please give us an option to store nothing but the Dropbox password? (And I think this is how it currently works but don't have an option to show the Dropbox password, except as a database entry if the user has put it there.) That would fix all the major problems I have with the app.[/quote]



    You can opt to not remember your iOS master password, in which case there will be no automatic syncing. We will certainly look at doing the same for your Dropbox credentials and your desktop master password.



    [quote]

    I'm also going to go on a huge tangent here and say that I think having the option of different master passwords for the mobile and desktop versions is confusing.[/quote]



    A lot of this has to do with the fact that we need to use a very different data file format on iOS than on Mac and PC. This is discussed a bit in the document I've linked to. But mostly, the kinds of passwords that are easy to type on a full keyboard may be much more difficult on an iPhone or iPod Touch keyboard.



    [quote]

    It would be a lot easier if every 1password database had two passwords, period: the master password and the less secure 4-digit passcode. Upon launching the mobile app, users could create a new local database or unlock an existing database with an existing password.[/quote]



    One thing to keep in mind is that the 4 digit unlock code isn't so much an extra layer of protection, but it allows users on iPhones to be able to do something with their data (look through what they have) without having to always type in a complicated master password.



    For example, I set my unlock code to "Lock when Inactive", but give a 5 minute time for my master password. This means that when I switch back and forth with fast app switching to copy and paste from 1Password, I only need to enter my four digit unlock code.



    The unlock code would not really serve this function on Mac or PC (where your web browser can already look at what entries exist) or on the iPad which has a fuller keyboard and no fast app switching (yet).



    Syncing is complicated. What's going on behind the scenes is more involved than many people would like to delve into. I'm the kind of person who really does want to know what is really going on under the hood. (I'm also the kind of person who mixes metaphors too much.) For people like me (and apparently you) we are here to answer these sorts of questions (if we don't lose track of some discussion threads) and we are developing documents like the one I pointed to.



    So please let us know if you have more questions.



    Cheers,



    -j
  • When I open 1password I initially only need my 4-digit code. That's OK; seeing any items that are designated high-security will also require my master password.



    But, without the master password, I can get to settings, and then to sync, and then to dropbox sync, and then to account, and then I can click 'show password'. And there is my "Master password for your data file stored on Dropbox" right there in clear text.



    That's my main master password, the same master password for 1password on my mac (because I need the datafiles to sync, the master passwords have to be the same), and I can read it starting with just my 4-digit code.
  • Hi mp1013,



    Thanks for your post, and welcome to the forums. I've just tried to reproduce this on my iPhone, unlock the app with the 4-digit unlock code and go to Settings > Sync > Dropbox and tap 'Account'. I can see the master password is masked as bullets, but when I tap within the field I don't have the option to reveal this or copy the data out.



    I am running a Beta of 1Password Pro 3.5.3 on an iPhone 4 running iOS 4.1. Could you confirm which version of 1Password you're running by going to Settings > About from within the 1Password app itself?



    Please let me know,







    [quote name='mp1013' timestamp='1286337737' post='12761']

    When I open 1password I initially only need my 4-digit code. That's OK; seeing any items that are designated high-security will also require my master password.



    But, without the master password, I can get to settings, and then to sync, and then to dropbox sync, and then to account, and then I can click 'show password'. And there is my "Master password for your data file stored on Dropbox" right there in clear text.



    That's my main master password, the same master password for 1password on my mac (because I need the datafiles to sync, the master passwords have to be the same), and I can read it starting with just my 4-digit code.

    [/quote]
  • khad
    khad Social Choreographer
    edited October 2010
    Merged thread. Please see above. The behavior described does still exist in 1Password for iPhone (and 1Password Pro on the iPhone) version 3.5.2.



    I do not have a time frame for the release right now, but it will be in the next update for sure. As Stu noted, this has already been fixed in the beta we are running but has not yet been submitted to the App Store.



    Thanks for your patience.
  • I too am using the same Master password between my mac and my iPhone. However, the login password for dropbox is (1) hidden unless I enter the Master password, and (2) it is different. For the problem you described about seeing the dropbox password, you can fix it by turning on the Master protection switch in that login entry.
  • khad
    khad Social Choreographer
    edited October 2010
    That is a good tip for making sure that login items are marked as "high-security," jjdroit, but the thread is about the password being visible in the sync settings. As I mentioned above, this will be fixed in the next update.



    Cheers!
  • I'm awaiting the new version of the ipod/iphone app, which will not have the glitch of revealing the master password when I've logged in with only my 4-digit code.



    However, this glitch makes it apparent that the master password was not and probably will not be stored securely on the ipod/iphone. Turning off the option of showing it in cleartext is a relief, but the promise of the full app on the mac is that my secure information is stored using modern cryptographic methods. The fact that the 'show in cleartext' option ever existed at all means that the master password is not well encrypted on the iphone.



    So my questions would be: (1) Is the master password seriously encrypted on the mac app? (2) Have you changed the encryption on the iphone, or just removed the 'show in cleartext' switch?



    For those not familiar -- modern cryptography uses non-reversible encryption. You can encrypt a message or password and throw away the original, keeping only the encrypted version. Subsequently a new message or password can be checked to see if it matches the original, but there is no way to go back and deduce the original from the encrypted version, except brute force methods where for instance you try all 8-letter combinations.



    The iphone 'show in cleartext' glitch means that the master password was not encrypted using these strong techniques, because the original was recoverable.
  • khad
    khad Social Choreographer
    edited October 2010
    Thanks for raising this concern, mp1013. However, if items that were encrypted could not be displayed in the clear, you would never be able to see any of your 1Password data. :-)



    As described in the [url="http://help.agile.ws/1Password_touch/how_secure_is_syncing.html"]How 1Password touch Syncs Securely[/url] section of our documentation, your master password is stored securely in the iOS keychain. It is not stored as a message digest of a cryptographic hash because it needs to be retrievable. What you are referring to would only be useful if we were trying to make sure that a password [i]given to[/i] 1Password for iPhone matched the existing digest. In the case of 1Password syncing via Dropbox, it is necessary to [i]provide[/i] the master password. Thus a digest is not a workable solution.



    The password is stored very securely in the iOS keychain, and the only way for a user to retrieve it is by entering the unlock code in 1Password for iPhone after entering the device passcode to unlock the iPhone itself: multi-layer authentication. There is no other way to obtain the stored master password. This is incredibly secure, but we thought it would be nice to make it [i]even more secure[/i] by removing the ability to view the stored master password altogether.



    This is already updated in our internal betas and will be available in the next update to 1Password in the App Store. At the moment, I do not have a time frame for when this will be, but it will be impossible to view the stored password in the next update.



    For more information about the security of iOS and its keychain, please take a look at the existing [url="http://forum.agile.ws/index.php?/topic/2003-security-question-ios-keychain/"]Security Question: iOS Keychain[/url] thread.



    If you have any further questions, please let me know. I would be happy to address them! :-)
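The distinction argued over in the two posts above (a one-way digest can only check a password, while opening a password-encrypted data file needs the password itself), as an added example that is not part of the original thread and is not AgileBits code. The function names, the PBKDF2 parameters and the SHA-256 keystream standing in for a real cipher are assumptions made for the demonstration; nothing here reflects the actual 1Password data format.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 10_000  # constructed demo value, not a recommendation


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch a password into 32 bytes of key material with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# --- Case 1: one-way verifier. Enough to CHECK a password somebody types. ---
def make_verifier(password: str) -> Tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, derive_key(password, salt)


def check_password(candidate: str, verifier: Tuple[bytes, bytes]) -> bool:
    salt, digest = verifier
    return hmac.compare_digest(derive_key(candidate, salt), digest)


# --- Case 2: a data file encrypted under the password. To open it, the app
# --- must PROVIDE the password; a stored digest is of no use here.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Demo-only stream built from SHA-256 in counter mode (stand-in for a real cipher).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    master = derive_key(password, salt)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def seal(password: str, plaintext: bytes) -> dict:
    """Encrypt-then-MAC a data file under keys derived from the password."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _subkeys(password, salt)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def unlock(blob: dict, password: str) -> Optional[bytes]:
    """Return the plaintext, or None when the supplied secret is not the password."""
    enc_key, mac_key = _subkeys(password, blob["salt"])
    expected = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    stream = _keystream(enc_key, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))


if __name__ == "__main__":
    master_pw = "correct horse battery staple"      # constructed sample password
    verifier = make_verifier(master_pw)             # what a check-only design stores
    data_file = seal(master_pw, b"constructed sample vault contents")

    print("verifier accepts typed password:", check_password(master_pw, verifier))
    print("file opens with the password:   ", unlock(data_file, master_pw) is not None)
    # Holding only the digest does not let an unattended sync open the file:
    print("file opens with stored digest:  ", unlock(data_file, verifier[1].hex()) is not None)
```

The consequence for the thread's design question: a secret that must be supplied unattended has to be stored recoverably, so what matters is how that stored copy is protected and which unlock level is allowed to read it.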
  • Leading Geek
    Leading Geek Junior Member
    This seems generally very well thought out, but I found a little loophole that rather worries me. On the iPhone you can use "Show Password" to reveal the master password for the data file on Dropbox - and this only requires the PIN. Makes the master password rather redundant!



    Andrew
  • khad
    khad Social Choreographer
    edited November 2010
    Hey Andrew,



    I moved your post to this other — I believe more appropriate — thread. :-)



    As stated above, the option to reveal the master password will be removed in the next release. Please let me know if you have any further questions or concerns. Thanks!
  • Didn't you say that this would be included in the next update? I just updated my iPad and my iPhone to 3.5.3 and on the iPad the option to display the password is still there.
  • Well, this does seem to be fixed on the iPhone but not the iPad both running the 3.5.3 universal pro app. The iPhone simply had the "show password" slider removed.

    I hope this will be fixed for the iPad soon?
  • [quote name='jebr' timestamp='1290725572' post='15961']

    Well, this does seem to be fixed on the iPhone but not the iPad both running the 3.5.3 universal pro app. The iPhone simply had the "show password" slider removed.

    I hope this will be fixed for the iPad soon?

    [/quote]



    Thanks for letting us know about this jebr, and Ando. This should have been removed with the 3.5.3 update to 1Password Pro, and as you said it's gone from the iPhone version. I've reported this to our developers and once they can climb out from the piles of work we're dealing with right now we should be able to get this fixed.



    Thanks for your patience folks,
  • Seems to be fixed on the iPad now with 3.5.4. Thanks
  • It's supposed to be fixed? On my iPad the option "Show Password" is still there and it still displays the password. And yes, I've checked, it is version 3.5.4. How can that be?
  • khad
    khad Social Choreographer
    edited December 2010
    I have removed a misleading post of mine in this thread. This is fixed for the iPhone in 3.5.4 but not yet for the iPad.



    Please do keep in mind that it is only available in 1Password for iPad (or Pro running on an iPad) when 1Password is unlocked (and [b]all of your passwords are available[/b] anyway). The issue on the iPhone was that there is an unlock code as well as a master password and it was visible when only the unlock code was entered. Still secure, but not hidden behind the master password like it is on the iPad.



    We have removed this entirely from the iPhone version and will likely do so from the iPad version as well.



    I hope that helps explain the situation a bit.
  • Yes, I understand the difference between the iPhone and the iPad version and I agree that it's not that big a deal on the iPad, I was merely surprised that jebr said it was fixed on his iPad.
  • khad
    khad Social Choreographer
    Ah. Thanks for the clarification. Glad we are on the same page. :-)



    I think jebr must have been referring to a different issue...?
  • gregster
    gregster Junior Member
    edited February 2011
    First of all, let me say that I love your products and greatly appreciate all of the hard work you do to create innovative solutions to the complex world of password management. I am an Agile evangelist. Thank you!



    Secondly, let me express my genuine concern about the storing of passwords in the iOS keychain which, despite Apple's claims to the contrary, is clearly not secure: http://www.pcworld.com/article/219245/ I understand from your blog post (http://blog.agile.ws/lost-iphone-safe-passwords/), that you use a form of iOS keychain that is more secure than the one that was hacked, but you also recognize some inherent risk in even the form of iOS keychain you use because you still encourage people with a lost iPhone/iPad to change their dropbox and 1password master passwords.



    [b]I want to make sure that my 1password iOS master password and my 1password Mac master password are not stored on my device in any way for purposes of dropbox syncing or anything else. Additionally, I do not want my dropbox password stored in the iOS keychain.[/b]



    In your article on syncing security (http://help.agile.ws/1Password_touch/how_secure_is_syncing.html), you make the following claims:



    "If you prefer to not sync automatically, you need not store any of this information in the iOS keychain. To manually sync with Dropbox you will need to provide the necessary information at each sync. To do so, just perform a sync and afterwards go to Settings > Sync > Dropbox > Account and tap the Reset button."



    But, this is not true! On my iPad running 1Password Pro 3.5.5, I have tried "perform[ing] a sync and [then] afterwards go[ne] to Settings > Sync > Dropbox > Account and tap[ped] the Reset button." I even took the extra step of rebooting the iPad. After doing this, if I try to manually sync again, I find that my dropbox password and my 1Password master password do not need to be entered again to re-sync with dropbox. This can only mean that the dropbox password and the master password are being stored on the device even after I reset the sync settings.



    Please address this post haste. I love the 1Password platform and the dropbox syncing is handy. I just want to make sure that my 1Password master passwords are not stored anywhere on the iOS device. I would also prefer that the dropbox password is not stored on the device. I am more than willing to endure the heartache of reentering these passwords every time I want to sync.



    [b]Alternatively, if I only use wifi sync, I suppose my 1Password master passwords and my dropbox password will never be stored in the iOS keychain. Can you confirm this? If that is true, would not wifi sync be safer?[/b]





    Thanks again for the great product and the rapid development cycles. I can't wait to see what you have in store for version 4.0
  • Let me second that. Convenient access is appreciated, but we count on security. This issue has been on the forum for a long while, and it's been repeatedly brushed off. It isn't fixed. Fixing the visibility issue would help, but it also looks as if password security is much weaker behind the scenes than you might be led to believe. Maybe that's an inherent problem of making it usable from an iphone. If so, please say so, and maybe how to use it there with less convenience and more security.



    This reminds me of the bic/kryptonite disaster, where the company brushed off reports for years, until the problem suddenly went viral. Reputations get damaged.



    I'd appreciate a technically sound response from the company, not more bland reassurance.
  • khad
    khad Social Choreographer
    edited February 2011
    Welcome to the forums, gregster! Thanks to both you and mp1013 for raising these excellent concerns. It is great that you are thinking about these issues.



    We really do appreciate your kind words, and Agile evangelism. :-)



    With regard to the recent surge of [url="http://news.cnet.com/8301-13506_3-20031297-17.html"]articles[/url] ([url="http://www.youtube.com/watch?v=uVGiNAs-QbY"]and videos[/url]) about a certain iOS exploit, let me just state unequivocally that your 1Password data, including information that 1Password stores in your iOS keychain, remain safe despite the reports that might suggest otherwise. Our most recent blog post details exactly [url="http://blog.agile.ws/lost-iphone-safe-passwords/"]how and why the information 1Password stores in the iOS keychain remains secure[/url]. Please join the discussion in our [url="http://forum.agile.ws/index.php?/topic/2003-security-question-ios-keychain/"]iOS keychain security thread[/url] if you have additional questions or concerns about iOS keychain security.



    Now, to address the topic of this thread.



    Unfortunately, I cannot reproduce the problem in 1Password for iPhone (or 1Password Pro running on an iPhone since their code is identical). I cannot view the stored [i]Master Password for Mac or PC[/i] without entering the 1Password for iPhone master password. Nor do any Dropbox sync related credentials remain saved after resetting Dropbox syncing.



    If you have already entered your [b]Master Password on iPhone[/b], it will already be filled in for you in the first step of the Dropbox syncing setup. If you opt to allow 1Password to remember your [b]1Password for iPhone master password[/b] it will be stored securely in the iOS keychain:



    [img]http://help.agile.ws/1Password3/images/tutorials/dropbox_sync/SyncingUnlockMP.png[/img]



    [color="#FF0000"]If you have a Dropbox login stored in 1Password for iPhone[/color], it will be used to populate the [b]Login to Dropbox[/b] in the next step of the Dropbox sync setup. This is not pulled from the iOS keychain at this stage but [i]will be[/i] stored securely in the iOS keychain once you confirm this step:



    [img]http://help.agile.ws/1Password3/images/tutorials/dropbox_sync/SyncingEnterDropboxLogin.png[/img]



    You will then be prompted to enter your [b]Master Password for PC or Mac[/b]. [color="#FF0000"]If you used the same password as you used on Dropbox or your iOS device, it will be used automatically and this step will be omitted.[/color] The password is not being pulled from the iOS keychain; it was cleared from it when you reset Dropbox syncing. Rather, it is being pulled from either the iOS keychain entry for your [b]Master Password on iPhone[/b] (if you opted to save that) or your [b]Login to Dropbox[/b]. Both of which you just entered in the previous two steps.



    [img]http://help.agile.ws/1Password3/images/tutorials/dropbox_sync/SyncingEnterDesktopMP.png[/img]



    If you restart your iPhone (or just 1Password), you will see the message "Automatic sync disabled" if you have told 1Password not to remember your [b]Master Password for iPhone[/b] in the first step of the Dropbox sync setup.



    Essentially, it behaves as expected. :-)



    1Password for iPad is a similar situation. Since the app can only be accessed by entering the [b]Master Password on iPad[/b], it is a bit less complicated.



    When you enable Dropbox syncing on your iPad, your [b]Login to Dropbox[/b] will be populated with your Dropbox login stored in 1Password for iPad (if one exists). This will be saved securely in the iOS keychain. It may not be a bad idea to remove the option to reveal the master password for your data file, but this option is not accessible without first entering your [b]Master Password for iPad[/b] which is known only by you. So you are the only one who could possibly see this. (You might consider enabling "Lock When Inactive" if you have not already done so.)



    If you want to do a simple test, gregster, [b]delete your Dropbox login[/b], reset Dropbox syncing, and then give it another try. (We provide this functionality for users (including myself) who use a Dropbox password that was created by 1Password's Strong Password Generator. It can be quite a challenge to type manually.)



    It would seem to me that the main concern was with the security of storing information in the iOS keychain, which I hope we clearly address in the links I provided at the beginning of this post, but please rest assured that if you want to clear the data 1Password stores in the iOS keychain, all you have to do is reset Dropbox syncing. ;-)



    I hope that helps. Please let me know if you have any additional questions or concerns. We are always here to help, and never take any security issues lightly.



    Cheers!
  • gregster
    gregster Junior Member
    khad,



    Thank you for the thoughtful, detailed response. I hope it makes you feel good that I (and evidently some of the other people in the forums) obviously trust 1password and its encryption technique more than I (we) trust iOS, the iOS keychain, and the built in security mechanisms.



    It is reassuring to know that Agile, who knows encryption inside and out, trusts iOS keychains so implicitly, but I hope you can address a couple follow up questions for me:



    1. If I use wifi sync, is my 1Password stored in an iOS keychain?

    2. If I started with dropbox sync and switch to wifi sync, is the 1Password that was previously stored in the iOS keychain removed?



    Overall, I really don't care for my 1Password being stored anywhere except my brain.
  • khad
    khad Social Choreographer
    edited February 2011
    [quote]Thank you for the thoughtful, detailed response.[/quote]

    You are most welcome! As I said before, we are always here to help. :-)



    [quote]I hope it makes you feel good that I (and evidently some of the other people in the forums) obviously trust 1password and its encryption technique more than I (we) trust iOS, the iOS keychain, and the built in security mechanisms.[/quote]

    We really appreciate the vote of confidence. Our business is security, and we strive to always have this focus. There may come a time when something catches us off guard and we have to be quite agile indeed to resolve it, but this iOS keychain research was not one of those times. ;-)



    [quote]It is reassuring to know that Agile, who knows encryption inside and out, trusts iOS keychains so implicitly, but I hope you can address a couple follow up questions for me:[/quote]

    I wouldn't say we trust [i]anything[/i] implicitly. That would not be good security. We have vetted the manner in which we make use of the iOS keychain and found it suitable to our purposes.



    [quote]1. If I use wifi sync, is my 1Password stored in an iOS keychain?[/quote]

    1Password on your Mac doesn’t know the master password or unlock code for 1Password on your device, and 1Password on your device doesn’t know the master password on your Mac. In order to engage in Wi-Fi syncing, 1Password on your device and on your Mac need to be unlocked. 1Password on your device and on your Mac securely negotiate a session key that they will use for encrypting the data during this exchange.



    When 1Password on your Mac wishes to send something to 1Password on your iOS device it will decrypt the information it has in your data on your Mac then re-encrypt that using the session key. 1Password on your iPhone, iPad or iPod touch will decrypt that information with the session key and then re-encrypt it for the database on your device.



    The authorization (secret words) used when you first established Wi-Fi syncing to your Mac allowed your device and 1Password on the Mac to securely set up keys that they can use to identify each other. This ensures that you only sync between the systems that you have authorized for syncing.



    (from our [url="http://help.agile.ws/1Password_touch/how_secure_is_syncing.html"]How 1Password touch Syncs Securely[/url] document)



    [quote]2. If I started with dropbox sync and switch to wifi sync, is the 1Password that was previously stored in the iOS keychain removed[/quote]

    As previously mentioned, [color="#FF0000"]if you reset Dropbox syncing ([b]Settings > Sync > Dropbox > Account > Reset[/b]) the information 1Password stores for Dropbox syncing is removed from the iOS keychain[/color]. Otherwise, the information persists. This comes in handy if you ever want to do a quick Wi-Fi sync while at home to take advantage of its speed and then switch back to Dropbox syncing when you head out the door. You can simply flip the switch and be back up and running with Dropbox syncing. No need to go through the entire setup process again.



    [quote]Overall, I really don't care for my 1Password being stored anywhere except my brain.[/quote]

    Understandable. That is why we provide (1) the option to sync manually via Dropbox, (2) a method to clear previously stored Dropbox sync credentials, and (3) Wi-Fi sync which makes no use of any of your master passwords for Mac, iPhone, or iPad.



    Please let me know if there is anything I missed. :-)



    Cheers,
  • gregster
    gregster Junior Member
    [quote name='khad' timestamp='1297636749' post='20558']



    We really appreciate the vote of confidence. Our business is security, and we strive to always have this focus. There may come a time when something catches us off guard and [b][u]we have to be quite agile[/u][/b] indeed to resolve it, but this iOS keychain research was not one of those times. ;-)



    [/quote]



    Thanks again for the meaningful response. By the way, that was a nice pun.
  • khad
    khad Social Choreographer
    Cheers! :-D