This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
Worried by 3.9 and the sandbox
Actually it is much more about sandbox and Lion, but 3.9 is subject to it, so...
I'm deeply concerned about the problems introduced by locking where I can save my keychain. My options are:
1) In the default location of the ~library/containers folder - where my keychain and backups can be lost to a pebkac moment deleting the wrong icon in the Launchpad???
2) My only alternative is to save to a third party's space (Dropbox) - where it is not secure, because it is not under my control???
(Paranoid - well, yes, a little :-)
I'd really like future versions of 1P to allow the keychain - MY data after all - to be saved / backed up somewhere safe, where I want and not subject to third party (Apple, Dropbox) whims.
I'll be interested to see what 4.0 brings, but meanwhile I've reverted from 3.9 to my non-appstore 3.8.x in the hope that I'm a little safer, a little more flexible...
Cheers
--Pete
I'm deeply concerned about the problems introduced by locking where I can save my keychain. My options are:
1) In the default location of the ~library/containers folder - where my keychain and backups can be lost to a pebkac moment deleting the wrong icon in the Launchpad???
2) My only alternative is to save to a third party's space (Dropbox) - where it is not secure, because it is not under my control???
(Paranoid - well, yes, a little :-)
I'd really like future versions of 1P to allow the keychain - MY data after all - to be saved / backed up somewhere safe, where I want and not subject to third party (Apple, Dropbox) whims.
I'll be interested to see what 4.0 brings, but meanwhile I've reverted from 3.9 to my non-appstore 3.8.x in the hope that I'm a little safer, a little more flexible...
Cheers
--Pete
Flag
0
Comments
-
Besides using TimeMachine to do a restore as was mentioned DropBox is a way to recover in case your drive dies or you Mac is lost since the data is stored in the cloud.
It's also nice being able to access your passwords from anyplace.
Does seem you are being overly paranoid as the data file is encrypted so isn't readable with your master password.Flag 0 -
From the moment we designed the Agile Keychain data format we ensured that it was able to withstand an attack should your data fall into the wrong hands, either as a result of this Dropbox breach of if someone physically stole your computer. As such, we use 128-bit AES encryption to protect your sensitive 1Password data as well as many other mechanisms to stop an attacker from ever accessing your information and we detail this here:
http://help.agilebits.com/1Password3/cloud_storage_security.html
So, as long as you use a secure master password that you don't use elsewhere, your 1Password data is incredibly safe even when stored on a service like Dropbox. If you're not sure about the strength of your master password, please do take a look at our recent blog post on this:
http://blog.agilebits.com/2011/06/toward-better-master-passwords/Flag 0