This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
Access to preferences without unlocking/authenicating 1Password data file
It occurred to me several days ago that it is inviting trouble for an unauthorized person, if they were able to access my laptop despite the usual precautions, to be able to see, for example, where my 1Password data backup files are. I know they are encrypted, but my luck would be a top-notch teenage hacker would break the encryption. And following the cookie crumbs of the backup files would also compromise, say, my Dropbox. Oops!
Could Agilebits consider not allowing any access to the "innards" of 1Password without first unlocking or authenticating the application?
Thanks for considering this.
Mike
Could Agilebits consider not allowing any access to the "innards" of 1Password without first unlocking or authenticating the application?
Thanks for considering this.
Mike
Flag
0
Comments
-
Hi Mike,
From the moment we designed the Agile Keychain data format we ensured that it was able to withstand an attack should your data fall into the wrong hands, either as a result of this Dropbox breach of if someone physically stole your computer. As such, we use 128-bit AES encryption to protect your sensitive 1Password data as well as many other mechanisms to stop an attacker from ever accessing your information and we detail this here:
http://help.agilebits.com/1Password3/cloud_storage_security.html
So, as long as you use a secure master password that you don't use elsewhere, your 1Password data is incredibly safe even when stored on a service like Dropbox. If you're not sure about the strength of your master password, please do take a look at our recent blog post on this:
http://blog.agilebits.com/2011/06/toward-better-master-passwords/Flag 0