This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
Title of secure notes in plain text!
Hi,
I am shocked. I can see all titles (headlines) of my secure notes in plain text, if I open the 1password files with text editor!
..\1Password.agilekeychain\data\default\0A47D2529F7945559872820FB118B72C.1password
"keyID":"F75A2FF442834636A951E5FACD00F512",
"locationKey":"",
"encrypted":"U2FsdGVkX1/vxtc6fe9tNOBo4jCmsKle4NbI4OOj40oFFXGRL6wWOAuso95jh4Ft\u0000",
"typeName":"securenotes.SecureNote",
"location":"",
"uuid":"0A47D2529F7945559872820FB118B72C",
"updatedAt":1295879068,
"createdAt":1295878309,
"title":"[b]Very secret message[/b]",
"contentsHash":"653afce0",
"securityLevel":"SL5"
Is that intentional?!? <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/ohmy.gif' class='bbc_emoticon' alt=':o' /> All search engines can find and index this, like Spotlight on Mac...
I am shocked. I can see all titles (headlines) of my secure notes in plain text, if I open the 1password files with text editor!
..\1Password.agilekeychain\data\default\0A47D2529F7945559872820FB118B72C.1password
"keyID":"F75A2FF442834636A951E5FACD00F512",
"locationKey":"",
"encrypted":"U2FsdGVkX1/vxtc6fe9tNOBo4jCmsKle4NbI4OOj40oFFXGRL6wWOAuso95jh4Ft\u0000",
"typeName":"securenotes.SecureNote",
"location":"",
"uuid":"0A47D2529F7945559872820FB118B72C",
"updatedAt":1295879068,
"createdAt":1295878309,
"title":"[b]Very secret message[/b]",
"contentsHash":"653afce0",
"securityLevel":"SL5"
Is that intentional?!? <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/ohmy.gif' class='bbc_emoticon' alt=':o' /> All search engines can find and index this, like Spotlight on Mac...
Flag
0
Comments
-
Welcome to the forum, Lebostein!
The short answer is "performance": 1Password has to be able to display your Logins whenever you ask for them, and decrypting hundreds or even thousands of Login titles would take longer than most people are willing to wait.
I think of it this way: I don't care who knows that I have a MasterCard, a passport, a driver's license, and an account at the credit union, as long as they don't know the account numbers, usernames, passwords, and PINs, all of which are encrypted until I prove my right to see them by entering the master password.
A full discussion is available in the [url="http://help.agile.ws/1Password/agile_keychain_design.html"][i]Agile Keychain Design[/i][/url] document on our web site. Here's a related excerpt:
[indent]As you can see, not all the information is encrypted. Most notably, the name/title of each entry (i.e. dave @ AWS login) and the location/URL are open. Having these open allows 1Password to organize your data and display it without suffering the performance hit of needing to decrypt every single item. All the truly confidential information is stored in the encrypted section of the file.
[/indent]
As a user, your most effective strategy might be to avoid putting sensitive data in the titles of your Logins and other saved items.
I hope that helps, Lebostein.Flag 0 -
I don't care (much) if Secure Notes have an unencrypted plain text Title, but [i]do[/i] care that the Notes content can't be hidden and revealed when desired. Same for certain fields containing sensitive info in other Vaults types. For comparison, SplashID supports per-field masking.Flag 0
-
I would second the vote for being able to hide the note details.
What I have done as a work around and I stress work around is add "long scroll to protect data" as my first line in the note. Then put in whatever amount of spacing is necessary to run the data below the visible screen.
It is no way ideal but my data is shielded from the occasional on looker.
I like a neat and tidy work area as I said I would love to hide the note details and then press the option button for a quick reveal, which would also be a quick hide if needed by releasing the option button rather than my method of having to scroll up. Anyway my 2cents.Flag 0 -
Your Keychain is either locked or unlocked. If you want to protect your data from your co-workers, then lock your Keychain. Our auto-lock feature can be of great help here (it can lock your Keychain automatically when you close the lid of your laptop, for example).Flag 0
-
[quote name='Stefan van As' timestamp='1295902214' post='19426']
Your Keychain is either locked or unlocked. If you want to protect your data from your co-workers, then lock your Keychain. Our auto-lock feature can be of great help here (it can lock your Keychain automatically when you close the lid of your laptop, for example).
[/quote]
I believe they're requesting an option to obscure the contents of notes and other text, even when the 1Password data is unlocked, as is currently possible with password fields.Flag 0 -
[quote name='DBrown' timestamp='1295912082' post='19436']
I believe they're requesting an option to obscure the contents of notes and other text, even when the 1Password data is unlocked, as is currently possible with password fields.
[/quote]
Yup, that's the functionality I'd like and envision it being superior to the aforementioned SplashID, which doesn't support Notes field masking (only other fields).Flag 0 -
[quote name='Lebostein' timestamp='1295949668' post='19451']
You should call it "note" and not "secure note". Then all problems solved.
[/quote]
The note itself is secure. The title(s) are stored in plain text. This goes for every 1Password item, including Wallet items, Identities, etc.Flag 0 -
[quote name='DBrown' timestamp='1295925476' post='19446']
Just to be clear, I wasn't committing to that enhancement, just clarifying the request for Stefan.[/quote]
Also to be clear, my intention was just to mention functionality I'd like/prefer without actually calling it a request. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />Flag 0