This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
How safe is the 1Password file?
Hello,
I would like to ask this question, I don't know if this is the right forum topic.
I am using 1Password for Mac along with the one for iPhone syncing them using dropbox.
Recently there was a major failure on the dropbox system and for a small amount of time all accounts were visible even though few were accessed during that period. I was not a user affected by this failure.
What I would like to ask is how easy would be to decrypt the 1password file for someone accessing it.
I have a pretty strong master password I could change it to more difficult and long one. But if someone in some way could access my dropbox account or hack for example my macbook and get access to the files of 1password what would it take to decrypt it?
I read in articles on the web about hackers decrypting files with high (supposed) secure encryption algorithms, recently heard about RSA keys, or Blackberry backup files.
Would it be wiser not to sync my passwords on the web (i.e. dropbox) along with credit card numbers and personal data?
Thank you
I would like to ask this question, I don't know if this is the right forum topic.
I am using 1Password for Mac along with the one for iPhone syncing them using dropbox.
Recently there was a major failure on the dropbox system and for a small amount of time all accounts were visible even though few were accessed during that period. I was not a user affected by this failure.
What I would like to ask is how easy would be to decrypt the 1password file for someone accessing it.
I have a pretty strong master password I could change it to more difficult and long one. But if someone in some way could access my dropbox account or hack for example my macbook and get access to the files of 1password what would it take to decrypt it?
I read in articles on the web about hackers decrypting files with high (supposed) secure encryption algorithms, recently heard about RSA keys, or Blackberry backup files.
Would it be wiser not to sync my passwords on the web (i.e. dropbox) along with credit card numbers and personal data?
Thank you
Flag
0
Comments
-
Your 1Password data file is encrypted (128-bit AES) before it ever gets to Dropbox. Even if you personally gave your data file to someone, they would still need your master password to make use of it. We received many questions of this nature during the few hours that Dropbox experienced that problem, so Jeff published a blog entry to answer them.
http://blog.agilebits.com/2011/04/dropbox-security-questions/
I hope that helps!Flag 0 -
From the moment we designed the Agile Keychain data format we ensured that it was able to withstand an attack should your data fall into the wrong hands, either as a result of this Dropbox breach of if someone physically stole your computer. As such, we use 128-bit AES encryption to protect your sensitive 1Password data as well as many other mechanisms to stop an attacker from ever accessing your information and we detail this here:
http://help.agilebits.com/1Password3/cloud_storage_security.html
That is probably the best single source of information on the security of 1Password (and syncing your data in it via Dropbox).
So, as long as you use a secure master password that you don't use elsewhere, your 1Password data is incredibly safe even when stored on a service like Dropbox. If you're not sure about the strength of your master password, please do take a look at our recent blog post on this:
http://blog.agilebits.com/2011/06/toward-better-master-passwords/
If we can be further assistance, please let us know.
We are always here to help!Flag 0
