What happens to my backups after I change the master password?

blacknell
Community Member

Title says it all, I think, but I know many backups exist on my Mac (I have 1Password 6.8.8) and after I changed my master password I want to be sure they can't be read with the decrypted one.


1Password Version: 6.8.8
Extension Version: Not Provided
OS Version: OS 10.14.3
Sync Type: Dropbox

Comments

  • ag_ana
    1Password Alumni

    Hi @blacknell!

    Can you please clarify something for me that I am not sure I understand?

    after I changed my master password I want to be sure they can't be read with the decrypted one.

    What do you mean by "the decrypted one" in this sentence?

  • blacknell
    Community Member
    edited March 2019

    OK, 'decrypted one' meant my previous master password. I have a vault that was encrypted with master password A. I change the master password and now the vault is encrypted with master password B. But are the backups still encrypted with master password A, and are they therefore readable if you know master password A?

  • Lars
    1Password Alumni

    @blacknell - that's correct. In standalone 1Password, backups are like a snapshot of a moment in time for your 1Password data. That includes not just whatever data you had at that time (and does NOT include things added, changed or deleted since then), but it also uses the Master Password that was in use at that time. If you wanted to be sure there were no copies of data (either current or backups) that could be opened with your previous Master Password, you'd need to delete any backups that date to before you changed the Master Password.

  • blacknell
    Community Member

    Seems like a huge security flaw. If my master password is compromised (or if technology has moved on so that it could be brute-forced), then changing it doesn't do a great deal. Time Machine and elsewhere will have copies of the backups.

  • Ben
    edited March 2019

    @blacknell

    You are correct that changing the Master Password is not a good solution to a compromise. The only surefire way to prevent a compromise of your data if your Master Password is compromised is to change your credentials. This is why we recommend to companies that when folks leave their employment they change the passwords for any resources they had access to.

    Here is (part of) the difficulty. What if someone has already stolen a backup from you when they discover your Master Password? You change your Master Password, and if we do what it sounds like you're suggesting, we re-encrypt all of the backups you have. But they still have the one they stole. We can't re-encrypt that one. They can still unlock it using the old Master Password. So it seems doing that would just give folks a false sense of security with little if any benefit. Changing your credentials for each service would be the only solution to that problem.

    Ben
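The mechanism Lars and Ben describe above, as an added example that is not part of this thread and not 1Password's own code: a toy password-based vault (PBKDF2 key derivation, an HMAC-SHA256 keystream and an HMAC tag, a constructed stand-in for the real file format) shows that rotating the Master Password re-seals only the live vault, while a snapshot taken earlier still opens with the old password, exactly as a stolen copy would. The function `backups_still_open_with` is a hypothetical helper that lists which backups an old password still unlocks, i.e. the ones Lars says to delete; all file names and vault contents are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Toy password-based encryption, constructed for this example. It is NOT
# 1Password's format: PBKDF2-HMAC-SHA256 derives keys from the Master
# Password, HMAC-SHA256 in counter mode supplies a keystream, and a second
# HMAC authenticates the ciphertext so a wrong password is detected cleanly.
PBKDF2_ITERATIONS = 100_000


def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Derive an encryption key and a MAC key from the Master Password."""
    material = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=64
    )
    return material[:32], material[32:]


def _xor_keystream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (toy cipher)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_vault(master_password: str, plaintext: bytes) -> dict:
    """Return a 'vault file' sealed under the Master Password in use right now."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    ciphertext = _xor_keystream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def decrypt_vault(master_password: str, vault: dict) -> bytes:
    """Open a vault file; raises ValueError if the password does not match."""
    enc_key, mac_key = derive_keys(master_password, vault["salt"])
    expected = hmac.new(
        mac_key, vault["salt"] + vault["nonce"] + vault["ciphertext"], "sha256"
    ).digest()
    if not hmac.compare_digest(expected, vault["tag"]):
        raise ValueError("wrong Master Password or corrupted vault")
    return _xor_keystream(enc_key, vault["nonce"], vault["ciphertext"])


def opens_with(master_password: str, vault: dict) -> bool:
    """True if this password unlocks this particular file."""
    try:
        decrypt_vault(master_password, vault)
        return True
    except ValueError:
        return False


def change_master_password(old_password: str, new_password: str, vault: dict) -> dict:
    """Re-encrypt the live vault only; backup snapshots made earlier are untouched."""
    return encrypt_vault(new_password, decrypt_vault(old_password, vault))


def backups_still_open_with(old_password: str, backups: dict[str, dict]) -> list[str]:
    """Hypothetical helper: names of snapshots the OLD password still unlocks.

    These are the copies to delete or move off-site after a password change;
    any copy already taken by someone else behaves the same way."""
    return [name for name, snapshot in backups.items() if opens_with(old_password, snapshot)]


def simulate_rotation() -> dict:
    """Constructed scenario: vault under password A, a snapshot, then rotate to B."""
    vault = encrypt_vault("master-password-A", b"login: example.test / <constructed secret>")
    backups = {"backup-before-change": dict(vault)}  # snapshot taken while A was in use
    vault = change_master_password("master-password-A", "master-password-B", vault)
    backups["backup-after-change"] = dict(vault)      # snapshot taken after the change
    return {
        "live_opens_with_old": opens_with("master-password-A", vault),
        "live_opens_with_new": opens_with("master-password-B", vault),
        "stale_backups": backups_still_open_with("master-password-A", backups),
    }


if __name__ == "__main__":
    print(simulate_rotation())
```

The live vault stops opening with A as soon as it is re-sealed under B, but nothing about the password change reaches the snapshot taken earlier, so `stale_backups` still names it. Re-encrypting on-disk backups would change only the copies you still hold, which is Ben's point: a copy taken before the change is unaffected, so rotating the credentials inside the vault is the only remedy for a compromised old password.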

  • blacknell
    Community Member

    That's a good point.

    I'd like the option to disable backups.

    And a choice as to where to put them (the backup files) where I want them.

    Right now I'm looking to hunt down every backup ever and destroy it (or move it off-site).

  • Lars
    1Password Alumni

    @blacknell - 1Password's backup location has never been user-selectable, because it caused too many problems to make it so, up to and including data loss, too frequently. At present, there's no way to turn off automatic on-device backups either, though that option may be coming in the future.

  • Ben

    What would be the purpose of disabling backups? If someone is in a position to steal your backups, they're also in a position to steal the keychain, which is protected in the same way. I think perhaps a more effective approach would be to use FileVault on your Mac and lock it when you aren't in front of it.

    Ben

  • blacknell
    Community Member

    It's not protected in the same way. The issue is that the backups were created before I changed my master password, so now I have a load of backups floating around that I didn't even know about (my bad) accessible with the old master password. Although my old master password has not been compromised I consider it weak which is why I've changed it.

    Fortunately for me the Time Machine encryption is strong, so they'd have to crack that first.

    But nonetheless I can't be sure they're the only copies (of the backups) out there.

  • Ben

    I see what you're saying. In that case I can see some sense in deleting the older backups, though I'd still recommend changing the credentials that were protected by the weaker Master Password. I wouldn't think that would be cause to not have any backups going forward, though. It seems the risks mitigated by having a backup would far outweigh any security concerns, but I suppose it is up to each individual to evaluate what threats they may face and act accordingly.

    Ben

This discussion has been closed.