This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

What risks are present by giving access to my Dropbox account?

Marc BV
edited July 2011 in Windows
For using the sync option I need to give 1Password (AgileBits) access to my Dropbox account. Afaik they (AgileBits) have full access rights to all my files in my Dropbox account. How can I be sure that this doesn't involve a risk?



Don't get me wrong: I don't claim that AgileBits cannot be trusted, but just am feeling a bit uncomfortable with this.

Comments

  • DBrown
    DBrown
    edited July 2011
    Welcome to the forum, Marc!



    1Password on your iOS, Android, and Windows Phone 7 devices needs to "know" your Dropbox login credentials so that it can use the API provided by the folks at Dropbox to read and write files in the [i]1Password.agilekeychain[/i] folder that is stored on your private Dropbox web site. That's how Dropbox sync'ing works.



    No one at AgileBits has access to those credentials, because they're stored only in 1Password on your iOS, Android, and Windows Phone 7 devices, and only you have access to those.



    As for the data itself, the thing to remember is that, no matter where it's stored, your 1Password data is protected with 128-bit AES encryption. What's more, Dropbox protects the data stored on their servers with 256-bit AES encryption (https://www.dropbox.com/help/27), so your data should be particularly safe there. Dropbox also uses SSL for all transfers to and from your Dropbox-sync'ed devices, so they're at least as secure as Wi-Fi transfers between devices would be.



    [list]

    [*][url=http://help.agilebits.com/1Password3/security.html][i]How Secure is 1Password?[/i][/url]

    [/list]

    Please see these documents for a more thorough discussion of the issue:



    [list]

    [*][url=http://help.agilebits.com/1Password3/cloud_storage_security.html][i]Security of storing 1Password data in the Cloud[/i][/url]



    [*]Our blog - [url=http://blog.agilebits.com/2011/04/dropbox-security-questions/][i]Dropbox Security Questions[/i][/url]



    [*]Dropbox's blog - [url=http://blog.dropbox.com/?p=735][i]Privacy, Security, and Your Dropbox[/i][/url]

    [/list]
  • Stefan von Dutch
    Stefan von Dutch Community Moderator
    [quote name='Marc BV' timestamp='1309705961' post='31042']

    For using the sync option I need to give 1Password (AgileBits) access to my Dropbox account. Afaik they (AgileBits) have full access rights to all my files in my Dropbox account. How can I be sure that this doesn't involve a risk?



    Don't get me wrong: I don't claim that AgileBits cannot be trusted, but just am feeling a bit uncomfortable with this.

    [/quote]



    I assume you're referring to the iOS version of our product, correct? The Mac and Windows versions should never ask for your Dropbox credentials.



    On iOS, there is no such thing as a Dropbox folder on your system, and we need to connect to the Dropbox mobile API.