Feature Request 1Password for Mac

jgalanter

I know you are hard at work on version4 and this may be the wrong forum, if so I apologize.

I would like to know if it would be possible to support 2 factor again? There was a time when the eikon readers were supported (loved it!) Would it be possible to support them or another system such as Symantec VIP access app? Thanks!

Jason

khad

I don't believe Eikon was ever actually supported. We're a small team and that means we need to be very careful where we spend our development resources. This is not a decision we took lightly: we needed to reduce the number of projects vying for our time and after careful analysis Eikon integration was one of many exciting features we had to let go. After 2 years of interaction with the Upek team to get the 1Password+Eikon bundle into stores we decided it was time to focus on other projects.

Our existing blog post is useful for understanding the current state of multifactor authentication in 1Password, but it doesn't really address another very important aspect.

http://blog.agilebits.com/2011/09/23/two-factor-or-not-two-factor/

I'd like to highlight the distinction between an authentication password and a decryption password.

Let me give a simple examples. Suppose you have a file encryption program called FileEncryptionProgram.app. It encrypts a file for you and stores the encrypted file as my-secret-diary.asc.

Now the developers of FileEncryptionProgram could implement a form of multifactor authentication before the application would even begin to think about decrypting my-secret-diary.asc. That wouldn't be hard to do on the Mac.

But now imagine what happens if Mallory (an attacker) gets ahold of my-secret-diary.asc. Mallory can take that file off to his secret lair and try to attack the encryption on it. Mallory does not need to launch FileEncryptionProgram at all. Indeed, Mallory would be wise to use his own password guessing program that is built for speed and designed for the format of my-secret-diary.asc.

Mallory is trying the decrypt the data. Mallory does not need to authenticate with some particular program or service. This is the case with 1Password data as well. Anyone can write a program that decrypts the data if they can get the master password. The data is protected by the encryption and the design of our data format. An attacker doesn't need to (and typically wouldn't) go through the 1Password application itself. In fact, this is exactly what John the Ripper does, and 1Password protects your data in ways which are appropriate to its design (i.e. PBKDF2 key strengthening).

http://blog.agilebits.com/2012/07/31/1password-is-ready-for-john-the-ripper/

Classical approaches to MFA won't work for us because unlocking your 1Password data is not about authenticating to some service. So sure we could add an authenticator for using 1Password.app itself, but it wouldn't actually provide any real additional security. It would be just for show.

Instead we would need a key splitting approach, and it would need to work across platforms. We do have ideas of how we could do this, but it would add complexity everywhere, and to every platform. It couldn't just be an option that you use on one platform but not another. (If it were, it would mean that the data could be decrypted without the second factor.)

Again, I'm not saying that we can't do it. (We have some good ideas about how we could.) But I am saying that at the moment we are disinclined to do it for the reasons outlined above and in our blog post. Even if it is made an option, we know that there are people who will sign up to every "more secure" option available to them, even if it is the wrong choice. We've joked about presenting people with a quiz about data security before allowing them to enable such an option, and still with a flashing red sign saying "This is a bad idea. Don't enable this."

Using a second factor in the way that we would have to doesn't just double the chance of getting locked out of your data, it increases those chances dramatically. This is because your 1Password data is backed up in a variety of different ways, with robust checks that it isn't damaged. But your second factor couldn't be backed up and stored with your 1Password data. And indeed, it would typically be stored on some other device (an encrypted USB drive or smartcard). Damage to that would be unrecoverable.

Anyway, thanks for bringing this up. We should do a blog post on the distinction between authentication and encryption passwords sometime. (The distinction is relevant to more than just MFA, it is also why you should only change your Master Password if it is weak. A good Master Password should be for life.)

I hope that helps. If we can be of further assistance, please let us know. We are always here to help!

BiomedEngineer

Great explanation Khad; I had requested MFA in my post in the MAS forum, but after reading this I see why the developers are not convinced it'll add that much security. I guess the best way is still to have a strong master password.

By the way, your forum posts and the author of the Agile blogs (Jeff...maybe others?) are excellent technical communicators. You guys make complex topics easy to understand (although I would very much welcome a slightly more technical details). I also appreciate the transparency with how your software works. Your blog and your forum answers helped persuade me to go with 1P, even though I was extremely hesitant going for a proprietary tool since coming from the open source Keepass tool.

MikeT

Hi @BiomedEngineer,

I'll be sure to pass it on to Khad/Jeff, I'm glad they were able to help you. Technical details are something we're working on, the most recent technical document we published would be the new Cloud Keychain Format. :)