Can unencrypted 1Password data get sync'd onto Dropbox on the Internet?

markman
markman
Community Member
edited September 2020 in 1Password 4 for Windows

I am using 1Password standalone 4.6.2.626 and am slowly upgrading my computer systems; one part of that will be 1Password, but for now I use 4.6.2.626 with a Dropbox sync between iPhone and four computers, and it works well.

My Dropbox vaults are stored on each Windows PC in the Dropbox folder locally, which then gets sync'd to the web. The data magically gets accessed via Dropbox from any of my other devices, which also use the same Dropbox account. Everything works perfectly!

However, I am wondering if it is possible for unencrypted data (ie: passwords) or an unencrypted file to end up sync'd to Dropbox, and hence onto the Web. For example, when I open 1Password and decrypt a password, does 1Password do it in computer memory so that the decrypted password never gets stored to disk or sync'd to Dropbox on the Internet? I'm guessing that's how it works, but is there any possibility that something unencrypted might get sync'd to my Dropbox account on the web? I'm just nervous about computer security and things I can't see! Does anyone know how the process works, and how safe it is?

Thanks

Mark


1Password Version: 4.6.2.626 Standalone
Extension Version: Not Provided
OS Version: Windows Home 10, iPhone
Sync Type: Dropbox personal

Comments

  • Greg
    Greg
    1Password Alumni

    Hi @markman, thank you for reaching out and using 1Password!

    First of all, since you are using an old version of 1Password 4 for Windows, I moved our conversation to its own 1Password 4 category of the forum. I hope you don't mind. :)

    As for your question at hand: 1Password is designed in such a way that the security of your data does not rely on the sync service you choose to use. 1Password data is always end-to-end encrypted, with the only end points being your devices which you enter your Master Password on. Regardless of which sync service you choose, someone who has or is able to gain access to that cannot decrypt your data without your Master Password.

    However, as I mentioned above, 1Password 4 is a legacy version of 1Password for Windows that will receive only critical security updates in the future. We released 1Password 7 for Windows and the best way to start using it now is with 1Password membership account. Please check it out:

    About 1Password membership

    We also have an additional layer of protection when it comes to 1Password membership – the Secret Key. You can read about what the Secret Key is and does in our guide, here:

    About your Secret Key

    You can consider the Secret Key as a security benefit to using 1Password membership account instead of other 3rd party sync options, specifically if you were working on the assumption that any of these systems could be breached. If all data were stolen from Dropbox, and all data were stolen from 1Password.com, it would be more likely an attacker could decrypt the data stolen from Dropbox than that stolen from 1Password.com. If you use a strong Master Password, it is highly unlikely they'd be able to do so in either case.

    Please let me know if you have any further questions, we are here to help. Thanks! :+1:

    ++
    Greg

This discussion has been closed.