One time sharing of secrets?

emilr
emilr
Community Member

Hi

There are various services out there on the internet that provides a way to share secrets without the ceremony of creating user accounts (e.g https://onetimesecret.com). But i'm very hesitant to rely on random websites to share sensitive and confidential information.

Since I already put a lot of trust in 1Password and handling our most sensitive information, having such a service within 1Password for Business seems like a good fit for me.

I haven't put a ton of thought into this would work with your security model, but I would be interested in knowing if one time sharing of secrets was something you have considered?

Best regards
Emil


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited January 2019

    @emilr: It's certainly a cool idea. But it has one really big problem: reality. When you share a secret with someone else, you can't really unshare it. Sure, you can revoke access to a file going forward (not to mention using a 3rd party as a go-between). But you can't wipe their brain or any devices where they have it stored. Unless the person literally never "received" it (read, copied, etc.), it is no longer secret. The solution for something like a password is, well...to change it (after revoking access to any file you shared with them where it is recorded, or they will get the new one too).

    Another issue with something like that is that if you want to share something securely, both parties need to have a shared secret that allows only them to read it. We hide a lot of this complexity with group 1Password memberships, so that no one actually has to get together to trade encryption keys, or use an "out of band" channel to do that digitally. Instead, we do all of that behind the scenes for the user automatically as part of account setup. So while I understand that account setup may seem like a bit of a hurdle, if you've ever set up S/MIME or PGP to use in a group, I think you'll find that this is preferable.

    I'd be interested to hear the specific use case(s) you'd have in mind though. It's always good to consider different angles. :)

  • emilr
    emilr
    Community Member

    Thanks for responding @brenty!

    I'm not to concerned about the recipient knowing the secret, the "one time" thing is purely a security measure in under to do the transfer more securely.

    The use case is where you want to share a database connection string or a wifi password in a text, Slack or even email. When I share a secret I want to make sure that my sharing doesn't leave a trace, so that the secret can be unveiled if the recipients phone, Slack account or email is at some point compromised. My intention is not that the recipient should stop knowing the secret, only to make the sharing more secure by allowing the secret to be viewed only once.

    Both 1Password guest accounts and S/MIME or PGP requires some prior negotiation of keys - that requires the recipient of the secret to do stuff and that has one big problem: reality. In the real world not all people understand security and they don't want to go out of their way to be secure. (Sorry for the tease, I understand your point, and that I didn't make use case clear from the outset).

    Best regards
    Emil

  • This is a tough one. On the one hand I see your point, and have on a number of occasions shared something in a less secure fashion than I would've liked because setting up an account is far too troublesome in most cases when only needing to give someone one or two passwords. On the other hand going out of our way to further enable such behavior is pretty well against the grain of everything we're about here. There's good reason 1Password, PGP, and S/MIME all require some sort of key setup / negotiation.

    It is an interesting problem, and one I think we'd very much like to solve. It definitely warrants further thought.

    Ben

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited January 2019

    @emilr: Touché! :lol: My point was that with 1Password accounts -- guest or otherwise -- the actual key exchange and management is transparent to the user. One way or another, the receiving party needs to have the means to read the data you send them. There are a lot of ways to do that, many, as you mention, are insecure. Others, as I mentioned, are a usability nightmare. I do hope we can find ways to make the way 1Password does this securely even more convenient...but I would still much rather send someone a 1Password invite than try to explain PGP or S/MIME setup to them. ;)

  • emilr
    emilr
    Community Member

    @Ben Yes, there is a limit to how easy one would make it to share secrets with effectively the entire world and the only security being a url and the idea if burning the secret after it have been viewed.

    @brenty Agree, 1Password invites is like 100 times easier to work with than PGP and the likes :)

    I appreciate that you are taking your role as guardians of our secrets very serious and I hope that you at some point will come up with something even more clever than laid out it this thread to solve this problem.

    Enjoy the weekend :)

    Best regards
    Emil

  • I appreciate that you are taking your role as guardians of our secrets very serious and I hope that you at some point will come up with something even more clever than laid out it this thread to solve this problem.

    We'll keep brainstorming. :+1:

    Enjoy the weekend :)

    Same to you. :)

    Ben

This discussion has been closed.