Feature Request: Keyfile Support

m00dawg

This is more of a feature request I suppose. I've been wanting to secure things a bit more on my laptop and thought it might be a good idea to use two-factor authentication but cannot find any options for that in 1Password. Has anyone tried something like this and found a work-around perhaps?



To describe the process, with TrueCrypt one can use a file as part of a required element. So, one could put that file on a USB keychain and use it, plus a password, to decrypt stuff. Having that for 1Password would be awesome since one would need both the file (on a USB keychain of course) and the usual password to decrypt the database.



Thoughts or suggestions?

khad

Welcome to the forums, m00dawg!



This suggestion has [url="http://forum.agile.ws/index.php?/topic/3-suggestion-yubikey-support/"]come up from time to time[/url]. Thank you for letting us know it would be useful to you as well. We will continue to evaluate multi-factor authentication for 1Password as we move forward.



Thanks for letting us know you are interested!

m00dawg

Great! I'll keep an eye out for it and would certainly be happy to help test it if it is something that gets put in to a future release!

MikeT

Hi m00dawg,



Thanks for the offer, we’ll keep you in mind when we have something ready for a beta test.

jooize

Hello Agile,



I would also like Yubikey support! It's a great solution to further strengthen security. If I can be of any help, feel free to contact me. Preferably by email as I won't be around here a lot.



Joel

[Deleted User]

Hi Joel,



We've had a few requests for Yubikey support in the past, and while we currently don't have any plans to offer this it may be something we look into for the future.



We'll keep everyone posted on the forums or on our blog over at http://blog.agile.ws where we often post new features.



Thanks for the feedback!



[quote name='jooize' timestamp='1300219075' post='22496']

Hello Agile,



I would also like Yubikey support! It's a great solution to further strengthen security. If I can be of any help, feel free to contact me. Preferably by email as I won't be around here a lot.



Joel

[/quote]

jooize

Thanks for a very good program!

[Deleted User]

[quote name='jooize' timestamp='1300225223' post='22502']

Thanks for a very good program!

[/quote]



You're welcome, Joel! Thank you for your kind words <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />

Brian Kohles

I'd also like to add my vote for multi-factor auth. It's the only reason that I'd ever consider switching to lastpass.



You could use something like Yubikey.

But it could also be as simple as configuring 1Password to look for a file with a specific MD5 on a USB stick. So I could have a USB stick with pictures or whatever on it & just tell 1Password to use the MD5 of that file as the second factor.



Or you know use the webcam on my macbook & iphone to do a retinal scan. You know whatever is easy. =]

m00dawg

[quote name='Brian Kohles' timestamp='1300507065' post='22711']

I'd also like to add my vote for multi-factor auth. It's the only reason that I'd ever consider switching to lastpass.



You could use something like Yubikey.

But it could also be as simple as configuring 1Password to look for a file with a specific MD5 on a USB stick. So I could have a USB stick with pictures or whatever on it & just tell 1Password to use the MD5 of that file as the second factor.



Or you know use the webcam on my macbook & iphone to do a retinal scan. You know whatever is easy. =]

[/quote]



+1 for using a file. That's what you can do with TrueCrypt and it's an effective, clever, and simple solution.

khad

Welcome to the forums, Brian!



Thanks for the suggestion. We will certainly continue to evaluate two- and multi-factor authentication solutions in 1Password. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



Cheers,

Jacksonn298

I was evaluating lastpass, 1password & keepass. Love the fact Keepass keeps data locally but browser integration is weak but it's free. Lastpass is free and got great browser integration, stores data in cloud and offers two factor authentication as $12. 1password offer great browser integration and stores data locally but no two factor authentication. Two factor authentication such as Yubikey would make this a perfect product. Or even the option of using an old usb key as 2nd factor. Please consider.

brenty

[quote name='Jacksonn298' timestamp='1303421388' post='25339']

I was evaluating lastpass, 1password & keepass. Love the fact Keepass keeps data locally but browser integration is weak but it's free. Lastpass is free and got great browser integration, stores data in cloud and offers two factor authentication as $12. 1password offer great browser integration and stores data locally but no two factor authentication. Two factor authentication such as Yubikey would make this a perfect product. Or even the option of using an old usb key as 2nd factor. Please consider.

[/quote]



Hiya, Jacksonn! Welcome to the forums! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/biggrin.gif' class='bbc_emoticon' alt=':D' />



This is definitely something that we may do in the future, but we have to be sure that it is a good fit for 1Password. I love my YubiKey, but there are a lot of situations where it just isn't usable (offline, mobile devices, etc.)



I really like the idea of using a USB flash drive somehow, but then it's a question of somebody being able to simply copy your key file (or simply allowing it to be compromised at some point by mounting it on a compromised system.) If we can find a way to do something like this that 1) does not detract from 1Password's established core functionality, and 2) does not add additional security risk, I will be all for it. It's just really important that if we do something big like this, we do it right.



I am sorry I don't have a more exciting answer. Thanks for being patient. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />

m00dawg

Isn't that the point of two-factor auth though? The idea being that you need both something you have (the USB keychain) and something you know (a password) so that either component can be compromised and the data is still secure. A USB keychain would wildly improve upon 1Password's security. That's not to say 1Password's security is bad - it's simply 1-factor right now.



Using a file on a USB keychain to be part of the decryption scheme adds a world of complexity. The file itself could be complex in nature (say an MP3); there could be multiple files on the USB keychain such that figuring out which one 1password is using could be difficult; the keychain could have it's own security layers; encrypted disk images could be use for yet another layer of encryption.



The True-Crypt project is a good example of how to use a USB keychain for two-factor auth. Their implementation use the file-based approach (similar to the one noted above) but there are other ways to do of course. The file based approach is neat because it can make the resulting encryption key quite complex. The problem with True-Crypt is that it's not a password database and it's much harder to use (but also much harder to detect for folks that really need to hide data from prying eyes). The point is, if they use it given their extreme levels of paranoia, I think it would be a good addition to 1password.

Jacksonn298

Thanks for the info. I think a simple checking for a file on the USB flash drive will suffice for a lot of people. To me it doesn't matter if someone has possession of that file they still need the other factor - the password. Password managers have been around for a while and I always feel uncomfortable trusting one program to manage all my passwords. I finally got around to using it but felt that the one password login is kind of weak. Even the open source Keepass has check for usb file function. I love lastpass because of that feature but in the end decided to use 1password because of the interface and feature and believing that eventually 1password will come around to embrace multi-factor. I work in IT and staff come to me for computer advice or recommendation. I think I will be more comfortable recommending 1password when it has multi-factor support - even a simple one. Please do it.







[quote name='brenty' timestamp='1303452664' post='25359']

Hiya, Jacksonn! Welcome to the forums! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/biggrin.gif' class='bbc_emoticon' alt=':D' />



This is definitely something that we may do in the future, but we have to be sure that it is a good fit for 1Password. I love my YubiKey, but there are a lot of situations where it just isn't usable (offline, mobile devices, etc.)



I really like the idea of using a USB flash drive somehow, but then it's a question of somebody being able to simply copy your key file (or simply allowing it to be compromised at some point by mounting it on a compromised system.) If we can find a way to do something like this that 1) does not detract from 1Password's established core functionality, and 2) does not add additional security risk, I will be all for it. It's just really important that if we do something big like this, we do it right.



I am sorry I don't have a more exciting answer. Thanks for being patient. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />

[/quote]

brenty

You are right that there might be a lot of people who would be content with the USB file support. The problem I see with this is it that it seems sort of "phony." Adding this would kind of feel like a bullet point feature, since it isn't truly a second factor. Your password is "something you know," but using a file on a USB drive would pretty much be the same as a long password stored in a file: it doesn't really meet the criteria of "something you have" in the way that an independent hardware token does. Whether it's a YubiKey or a keyfob that displays a one-time password, these things cannot be duplicated and are truly something you have to have physical access to.



I think we will add multifactor at some point in the future, but we need to do it right, lest we end up merely offering a placebo and giving folks a false sense of increased security as a result.



Thanks so much to everyone for the feedback, though. It helps us gauge what direction we should take 1Password in the future. If it wasn't for you guys, we would probably be all over the place -- and not necessarily in a good way. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' />



[quote name='Jacksonn298' timestamp='1303488419' post='25399']

Thanks for the info. I think a simple checking for a file on the USB flash drive will suffice for a lot of people. To me it doesn't matter if someone has possession of that file they still need the other factor - the password. Password managers have been around for a while and I always feel uncomfortable trusting one program to manage all my passwords. I finally got around to using it but felt that the one password login is kind of weak. Even the open source Keepass has check for usb file function. I love lastpass because of that feature but in the end decided to use 1password because of the interface and feature and believing that eventually 1password will come around to embrace multi-factor. I work in IT and staff come to me for computer advice or recommendation. I think I will be more comfortable recommending 1password when it has multi-factor support - even a simple one. Please do it.

[/quote]

m00dawg

[quote name='brenty' timestamp='1303516918' post='25429']

You are right that there might be a lot of people who would be content with the USB file support. The problem I see with this is it that it seems sort of "phony." Adding this would kind of feel like a bullet point feature, since it isn't truly a second factor. Your password is "something you know," but using a file on a USB drive would pretty much be the same as a long password stored in a file: it doesn't really meet the criteria of "something you have" in the way that an independent hardware token does. Whether it's a YubiKey or a keyfob that displays a one-time password, these things cannot be duplicated and are truly something you have to have physical access to.



I think we will add multifactor at some point in the future, but we need to do it right, lest we end up merely offering a placebo and giving folks a false sense of increased security as a result.



Thanks so much to everyone for the feedback, though. It helps us gauge what direction we should take 1Password in the future. If it wasn't for you guys, we would probably be all over the place -- and not necessarily in a good way. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' />

[/quote]



I disagree that it's a placebo and that it's fake two-factor totally. Yes, something like Yubikey is better but using a file on a USB key is still pretty good. You know your password and you have the key-chian. How is that two-factor? If you don't have the keychain, you don't get in. You still need the keychain to decrypt stuff in addition to the standard password. You could think of it as concatenating the file with one's own password, but I don't see the flaw in that unless one picks a file that could be easily grabbed from elsewhere. That is solved very easily by generating a file of random bytes that only exists on the USB keychain (and hopefully the safe and secure backup of it in a safe deposit box somewhere).



I think you're glossing over the elegance of this solution. It's easy, cheap, and can be done in a way that adds a significant amount of security. Heck isn't today Earth Day? It's Earth friendly too because those 8MB USB sticks that are all but useless would have a new lease on life by participating in a two-factor scheme. There are better ways, sure, but one can implement security strategies ad infinitum. Right now, frankly, 1password has one way: 1-factor authentication. Any type of 2-factor would seem to be better.

brenty

Wow. Thank you for that, m00dawg! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />



I really like the Earth Day angle. I never would have thought of that (shame on me!) But this makes me conscious of another big concern: If through loss or failure you no longer have access to the ~thing~, you're up a creek without a keyfob to use as a floatation device. All approaches to MFA have this problem, of course. With the FFD (File on a Flash Drive) approach, while it's easier for someone else to get hold of (it could be duplicated when you're not looking and then returned, and you'd be none-the-wiser), you can easily make copies to have a backup. In the case of a OTP keyfob, you can't duplicate it to keep a backup, but you can often get a replacement by jumping through some hoops with the provider.



I guess my point is that if there were one solution that was clearly best, we would probably already all be using it. The reality is that the MFA landscape is still very much the wild west. We want to be sure we do the right thing, both for ourselves and our customers.



I love how passionate you are about this, but I think we will just have to agree to disagree. I personally feel strongly that "any type of 2-factor" runs a high risk of making me complacent, thinking I am more secure than I really am. The best thing each of us can do is [url="http://forum.agile.ws/index.php?/topic/1774-choosing-a-good-master-password/page__view__findpost__p__25331"]use a long, random passphrase[/url], because no one can ever take that from us unless we give it to them. MFA is just icing on the cake.



Please do not take offense at my opinionated nature. I love this kind of discussion! Ultimately, it benefits all of us to talk about these things, and I would hate for my stubbornness to drive anyone away! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/laugh.gif' class='bbc_emoticon' alt=':lol:' />



[quote name='m00dawg' timestamp='1303517880' post='25432']

I disagree that it's a placebo and that it's fake two-factor totally. Yes, something like Yubikey is better but using a file on a USB key is still pretty good. You know your password and you have the key-chian. How is that two-factor? If you don't have the keychain, you don't get in. You still need the keychain to decrypt stuff in addition to the standard password. You could think of it as concatenating the file with one's own password, but I don't see the flaw in that unless one picks a file that could be easily grabbed from elsewhere. That is solved very easily by generating a file of random bytes that only exists on the USB keychain (and hopefully the safe and secure backup of it in a safe deposit box somewhere).



I think you're glossing over the elegance of this solution. It's easy, cheap, and can be done in a way that adds a significant amount of security. Heck isn't today Earth Day? It's Earth friendly too because those 8MB USB sticks that are all but useless would have a new lease on life by participating in a two-factor scheme. There are better ways, sure, but one can implement security strategies ad infinitum. Right now, frankly, 1password has one way: 1-factor authentication. Any type of 2-factor would seem to be better.

[/quote]

m00dawg

[quote name='brenty' timestamp='1303519470' post='25436']

Wow. Thank you for that, m00dawg! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />



I really like the Earth Day angle. I never would have thought of that (shame on me!) But this makes me conscious of another big concern: If through loss or failure you no longer have access to the ~thing~, you're up a creek without a keyfob to use as a floatation device. All approaches to MFA have this problem, of course. With the FFD (File on a Flash Drive) approach, while it's easier for someone else to get hold of (it could be duplicated when you're not looking and then returned, and you'd be none-the-wiser), you can easily make copies to have a backup. In the case of a OTP keyfob, you can't duplicate it to keep a backup, but you can often get a replacement by jumping through some hoops with the provider.



I guess my point is that if there were one solution that was clearly best, we would probably already all be using it. The reality is that the MFA landscape is still very much the wild west. We want to be sure we do the right thing, both for ourselves and our customers.



I love how passionate you are about this, but I think we will just have to agree to disagree. I personally feel strongly that "any type of 2-factor" runs a high risk of making me complacent, thinking I am more secure than I really am. The best thing each of us can do is [url="http://forum.agile.ws/index.php?/topic/1774-choosing-a-good-master-password/page__view__findpost__p__25331"]use a long, random passphrase[/url], because no one can ever take that from us unless we give it to them. MFA is just icing on the cake.



Please do not take offense at my opinionated nature. I love this kind of discussion! Ultimately, it benefits all of us to talk about these things, and I would hate for my stubbornness to drive anyone away! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/laugh.gif' class='bbc_emoticon' alt=':lol:' />

[/quote]



No worries on being opinionated; so am I <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> I think that ends up resulting in potential for good things no matter what the ultimate solution is. You make one good point, I will admit, and that can be distilled down to "with great power, comes great responsibility." That is to say that two-factor isn't something to be taken lightly and can get those in trouble who use it without understanding the pro's, con's and ultimately responsibility (ie backups).



Still, I think it's a neat concept. Say I'm traveling and someone kidnaps me at the airport and demands I give them my password. That's only half the battle, however if I was using two-factor auth and left my keychain in my checked baggage. Not much can be done about that other than to steal the laptop and reformat it for their thieving pleasures.



Or, and perhaps this is getting pathological, what if I don't want US customs to seize my laptop and demand that they have access to my personal data. Are they still doing that when returning from Canada? I heard they did a few years back, but let's say they are just for funzies. To solve that problem, I either have a copy of my USB keychain at both of my locations. Or I can overnight the keychain before I depart so that the key is in a different place than my laptop, making it all but impossible for customs to get anything.



Such a scenario is a bit beyond 1Password (this sounds more like True-Cryptery for those that wear tin-foil hats); but hopefully you get my point <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />



I would think that most any two-factor auth should be considered an advanced feature, to be only enabled after a bunch of disclaimers come up about loss of data if the physical key is misplaced or damaged. Even then, I would but some ominous red-letters around the features (similar to the big warning one gets when turning on FileVault).

brenty

[quote name='m00dawg' timestamp='1303527387' post='25460']

Or I can overnight the keychain before I depart so that the key is in a different place than my laptop, making it all but impossible for customs to get anything.



Such a scenario is a bit beyond 1Password (this sounds more like True-Cryptery for those that wear tin-foil hats); but hopefully you get my point <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />

[/quote]



I do indeed, and that is awesome! You got me thinking...injecting a bit of "plausible deniability" might compliment this nicely.



Just imagine: After putting up a good fight (gotta be convincing!), you finally agree to relinquish your password to the customs official. But when they use it, all they get is gibberish -- no "Incorrect Password" or "Password accepted. Please provide secondary factor to decrypt." You can explain it away as some form of data corruption. Meanwhile, your data is secure, and your MFA keychain is off somewhere else, far out of reach...



Okay, we might be a little pathological. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' />



In all seriousness though, while a warning may absolve a legal entity like Agile (the company) of all responsibility, as a person the last thing I want to have to do is tell someone else they are out of luck when it comes to retrieving their important data. That would keep me up at night. And while most people are probably not carrying around state secrets, our data is important to [i]us[/i]. At the end of the day, I don't think anyone at Agile wants to have to deliver that kind of bad news (You lost your key; your data is gone. Sorry!")



We want to make it easier to be secure, not place additional burdens on folks. Lord knows being safe on the internet is hard enough as it is. I think that the message that we need to give with 1Password is "Everyone can be more secure, and we will show you how." But I don't want to see anyone left behind.

m00dawg

[quote name='brenty' timestamp='1303549694' post='25465']

I do indeed, and that is awesome! You got me thinking...injecting a bit of "plausible deniability" might compliment this nicely.



Just imagine: After putting up a good fight (gotta be convincing!), you finally agree to relinquish your password to the customs official. But when they use it, all they get is gibberish -- no "Incorrect Password" or "Password accepted. Please provide secondary factor to decrypt." You can explain it away as some form of data corruption. Meanwhile, your data is secure, and your MFA keychain is off somewhere else, far out of reach...



Okay, we might be a little pathological. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' />



In all seriousness though, while a warning may absolve a legal entity like Agile (the company) of all responsibility, as a person the last thing I want to have to do is tell someone else they are out of luck when it comes to retrieving their important data. That would keep me up at night. And while most people are probably not carrying around state secrets, our data is important to [i]us[/i]. At the end of the day, I don't think anyone at Agile wants to have to deliver that kind of bad news (You lost your key; your data is gone. Sorry!")



We want to make it easier to be secure, not place additional burdens on folks. Lord knows being safe on the internet is hard enough as it is. I think that the message that we need to give with 1Password is "Everyone can be more secure, and we will show you how." But I don't want to see anyone left behind.

[/quote]



Ah yeah plausible deniability is a big thing with True-Crypt. You are able to hide True-Crypt partitions from normal eyes - it just looks like random junk data on the drive that's not part of the normal file-system. Pretty neat but the problem I had with True-Crypt is that it's a pain to use for the level of security I need. The idea is neat, though. If 1password simply gave back random passwords, that would be pretty funny <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> Either way, customs wouldn't be happy when they ultimately discover that they didn't get good data back.



As far as the "keeping you up at night" thing, I totally understand. You can be giving tools to customers that allow them to shoot themselves. How about this - in order to use a keychain with 1Password, it will first force you to use two keychains (1 for normal use, one for backups)? That way 1Password will not work with two-factor unless it knows you made a backup. Now what someone does with it isn't something 1Password could control, but would be an extra step to prevent people from doing bad things.



Ultimately 2-factor is more complicated than 1-factor. Even the simple scenarios can be more complicated just by the nature of the beast and could be beyond the needs of normal users. Jackson298 pointing out that it would make it easier for him to deploy 1Password in more business scenarios and I think that's a pretty good thing (and something I, too, have thought about within my own company). Basically, for those of us how are power users, or in business scenarios where the extra security is needed, these features are like gold!



But I do otherwise see your point and I wouldn't want to tell customers their data is gone either. Obviously that's for you folks at Agile to figure out if it's worth it. I know there's customers that would be happy with the addition and it would probably make 1Password more marketable (though I think you mentioned earlier that might be a silly reason to implement the feature, and I agree). Can't help you there under to say I've love a feature like this (and feel I'm responsible enough to use it wisely).



As an aside, I wonder how Apple handled that when FileVault was hozing people (I avoid using it even today just for worry it's not stable enough - plus encrypting everything is overkill - I don't care if a thief knows the music I like). Those would have been ugly conversations for sure :/

khad

[quote]You can be giving tools to customers that allow them to shoot themselves.[/quote]

Every tool is a weapon if you hold it right, eh? <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



[quote]As an aside, I wonder how Apple handled that when FileVault was hozing people [/quote]

Interestingly, Apple has completely redesigned [url="http://www.appleinsider.com/articles/11/02/28/inside_mac_os_x_10_7_lion_file_vault_full_disk_encryption_and_cloud_key_storage.html"]FileVault in Mac OS X Lion[/url]. This is likely a direct result of FileVault support issues. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_worried.png' class='bbc_emoticon' alt=':S' />



From AppleInsider:



[quote]In Mac OS X Lion, Apple has completely revamped FileVault, removing it as a simple encryption of users' Home folders and reinstating it as full disk encryption solution, with an apparent option to save disk encryption keys with Apple, likely via MobileMe.[/quote]

There may be some good lessons to learn here.

m00dawg

Full disk encryption has it's own set of pros and cons. Sort of surprised they would drop per-user FileVault but it will be interesting to see how that develops when Lion drops (which should be within a few months as I recall?). I think I'll stick with my encrypted disk image method but I do think full disk encryption is probably likely to be more stable than FileVault's old incarnation. Curious how it works with multiple users?

khad

[quote]Curious how it works with multiple users?[/quote]

I think I have likely steered us off topic. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' /> That is a good question, though. I don't have any firsthand experience with it yet.



The element of greatest interest to me is be the possible remote storage of encryption keys as a safeguard.

m00dawg

It's a nice thought (one can put the 1Password DB in DropBox as a solution today) but it would involve a huge amount of trust, and/or open protocols where one can verify that data is being encrypted to the remote side. The trust issue makes it hard for me to use on my own; but it would be a great way to keep keys safe for the average user (assuming they trust their cloud storage vendor) in cases where they do not have a good backup solution on their own.

VKC

If you were to lose the USB keychain, what then? Same as if you were to forget your master password, out of luck in retrieving data and would keep brenty up at night. 1password is to protect data not retrieving it. No worries brenty. The goal is to secure data, the best way we know how, not to come up with what if scenario to keep us from trying out different ways to make that happen. USB file support may not be as good as a hardware solution, but is easy to implement and inexpensive, this would give Agile more time in developing a better solution while getting us off thier back. Placebo dose wonders for us mere morals, we are not asking for the final solution for password protection, just something we believe it could be better, and hope in time the program we selected to use become the yardstick that of all other password protection program is measure by. My thanks to m00dawg and Jacksonn298 in pushing the importance of the 2-factor support.



I just start using the program and I too see the great potential in it. Thank you Agile for developing a great program.

Just my 2 cents. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/rolleyes.gif' class='bbc_emoticon' alt=':rolleyes:' />

khad

Welcome to the forums, VKC!



It can often be the case that "shipped" is better than "perfect," but we will have to wait at least a little while as the developers are super busy with Lion support (and more) at the moment.



Thanks for letting us know you are interested in this as well, though! We continue to discuss it internally.

nn2011

Hello!



I'm sitting here and thinking of not buying 1password. For me it's extremely unsafe to use 1PasswordAnywhere with dropbox or other media. The only thing that protects me, my master password, which may be good at a little over 20 characters but if they manage to solve it I'm screwed ... then they gain access to ALL my other passwords! Nah this is not good at all :-/ I don't know why you haven't made this your number one priority to solve? It is passwords your program aim to protected so it is your main task to solve this problem.



I use truecrypt and you could just permit to save the 1Password.agilekeychain data file on a removable volume (this includes disk images) and all would be solved!



I would then save the 1Password.agilekeychain in my truecrypt container available in the drop box and I could feel safe that no one can enter. They will have to brute force the password to truecrypt container but also take my usb memory from me physically where the key file is to then mount the container (just that I feel completely comfortable with) then get the password for 1password. I'm not paranoid, but know many who are concerned with only sniffing out passwords and is it a program that keeps all your passwords with only one master password to solve they will lay all their energy down to crack it.



This is not a solution for all people as many don't even know about truecrypt - but many doesn't either know about dropbox and that you have integrated well. Let the people have a choice to protect themselves if they like by truecrypt at least.



I'm soo sad that you don't allow the keychain to be saved to a truecrypt container. The search goes on and I have to look at keepass and the other programs.



//NN

m00dawg

You *CAN* put 1Password's keychain on other media. I have it running off my encrypted disk image. It's just not recommended by Agile, but it's very possible.



[url="http://forum.agile.ws/index.php?/topic/3888-how-do-i-relocate-the-backup-location/page__p__22132__hl__%2Bencrypted+%2Bdisk+%2Bimage__fromsearch__1#entry22132"]This[/url] should get you going, keeping in mind the pros and cons of doing so.

khad

Welcome to the forums, nn2011!



Thanks for your passion for this feature. We really appreciate it and it is absolutely taken into consideration.



While this feature is not currently implemented, please do consider that "all someone needs to do to get all my data is guess my master password" is a deceptively simple explanation of an incredibly complex process. Please do consider that not only is your 1Password data encrypted, but so is your Dropbox data. Someone would need to somehow get ahold of your data file by either having access to your machine or hacking into Dropbox and obtaining your data file. Neither one of those tasks is trivial (presuming you have secured your own machine well), but for the sake of conversation, let's assume that someone manages to do this. Since I don't have anything further to announce at this time regarding support for external keys, let me take this opportunity to explain [url="http://help.agilebits.com/1Password3/agile_keychain_design.html"]1Password's data format[/url] a bit more.



In short, the encrypted material within your data file cannot be decrypted by all of the computers on the planet working in tandem for many times longer than the age of the universe.* We make use of the OpenSSL libraries to provide algorithms, protocols and implementations of our encryption. These are developed and maintained by a wide, open, community of experts. In our choice of protocols, we rely on the recommendations of that expert community. We also understand that just as important as the choice of encryption algorithm and cipher mode is the choice and design of protocols.



One of these protocols that is worth mentioning at this point is the use of the [url="http://en.wikipedia.org/wiki/Key_strengthening"]key strengthening[/url] function [url="http://en.wikipedia.org/wiki/PBKDF2"]PBKDF2[/url]. This protects your data against password guessing (password cracking) programs in a number of ways. Before we can explain how that works, you need to know a bit more of what 1Password does when it decrypts your data. Your data is not directly encrypted with your master password. Instead it is encrypted with a random 128-bit number that was picked when 1Password first created your Agile keychain. That 128-bit number is your true decryption key. This key, in turn, is encrypted using your master password.



The computation (AES-128) to get from your decryption key to your data is designed to be quick; but the computation (PBKDF2) to get from your master password to your actual decryption key is designed to be slow. This means that when you enter in your master password you have to wait a fraction of a second. That fraction of a second, however, makes it enormously harder for automated guessing programs. Without PBKDF2 well designed automatic password guessing programs can try [url="http://blog.crackpassword.com/2010/12/blackberry-password-cracking-multi-threaded-with-hardware-accelerated-aes/"]millions of passwords per second[/url], but [i]with[/i] this key strengthening this is reduced to only [b]a few hundred per second[/b]. Another consequence of this system is that even if two people use the same master password, they will have different encryption keys and so their data will be encrypted differently.



Please also take a look at [url="http://blog.agilebits.com/2011/05/defending-against-crackers-peanut-butter-keeps-dogs-friendly-too/"]our blog post about PBKDF2[/url] for some additional information about PBKDF2 key strengthening and our [url="http://help.agilebits.com/1Password3/cloud_storage_security.html"]Cloud Storage Security[/url] document for more about why we continue to remain confident in the cloud storage and syncing of 1Password data files.



Security is definitely an ongoing process — we are not ruling out external keys — but I want to make sure you know that your data is and remains secure even if we don't add such a feature.



If you have any additional questions or concerns, please let me know.



Thanks!







* "Assuming that one could build a machine that could recover a DES key in a second, then it would take that machine approximately 149 trillion (thousand-billion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old." (via the [url="http://www.nist.gov/public_affairs/releases/g01-111.cfm#AES"]National Institute of Standards and Technology[/url])

MrUsr

I'm also interested in the keyfile solution. It wasn't a concern until I started using Dropbox to sync and now fear the possibility that my 1Password keychain could fall into the wrong hands without me even knowing.



I agree that it doesn't increase local security (It could be copied), but it seems to push remote security through the roof. It's in the realm of possibility that a person could get access to my Dropbox and crack a 16 character password. It's completely bonkers that they'd be able to get access to Dropbox and also crack a two password system, one being 16 characters and the other being, say, 300 characters hunked off in a file.



As an alternative to relying on a specific file, which is vulnerable to loss and data corruption, what about letting a user pick the password contained in the keyfile? It could be something they could write down on a sheet of paper or even print out and store in multiple places and they're still no less safe from a local threat than they are now, yet considerably safer from any sort of Dropbox compromise.