This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
Security: File Attachments
Hi,
I just learned that I cannot edit attachments and save the modified file directly back to 1PW.
Work-around is to drag/drop to desktop, edit and drag/drop back.
The file copied over to the desktop typically contains sensitive information, otherwise there is no need to keep it in 1PW.
The security concern on this is:[list]
[*]The file edited on the desktop will stay there and must be removed manually. This may be forgotten and is a security risk.
[*]The file manually deleted from the desktop goes to the trash and is not wiped instead. From trash it can be restored easily. This is a security risk.
[*]To remove the file safely from the desktop you have move it to trash and then to chose "Secure empty trash". But this will empty the whole trash bin and not just the 1PW attachment file. This may not be what you want.
[/list]
So some advice is require to handle this situation. Or even the attachment handling must be improved in 1PW.
BR
Sven
I just learned that I cannot edit attachments and save the modified file directly back to 1PW.
Work-around is to drag/drop to desktop, edit and drag/drop back.
The file copied over to the desktop typically contains sensitive information, otherwise there is no need to keep it in 1PW.
The security concern on this is:[list]
[*]The file edited on the desktop will stay there and must be removed manually. This may be forgotten and is a security risk.
[*]The file manually deleted from the desktop goes to the trash and is not wiped instead. From trash it can be restored easily. This is a security risk.
[*]To remove the file safely from the desktop you have move it to trash and then to chose "Secure empty trash". But this will empty the whole trash bin and not just the 1PW attachment file. This may not be what you want.
[/list]
So some advice is require to handle this situation. Or even the attachment handling must be improved in 1PW.
BR
Sven
Flag
0
Comments
-
Hi Sven,
Welcome to the forums. I agree that some caution should be exercised when working with attachments. As you can't save files directly into 1Password, they must be written unencrypted to the disk at some point. If this is a concern, I'd recommend checking out one of our other products, [url="http://agilebits.com/products/Knox"]Knox[/url].
Thanks
BenFlag 0 -
I definitely don't want to handle two products to keep all my secrets. I'm using TrueCrypt currently and the intention was to skip this by having all stuff in one place, also on my mobile (there is no TrueCrypt Android port).
So my expectation is that this will be fixed in an upcoming release. A scenario could be that you offer (a popup with some options or a checkbox) to wipe an original file when it is added to the 1PW attachment.Flag 0 -
Hello s_fff,
Thanks for your suggestions. I'll pass them along to our developers.
Cheers!
BrandtFlag 0