Feeling paranoid after the Evernote hack :(
The two apps I rely on most are 1PW and EN. Thanks to 1PW I've never had the need to store passwords, account #'s, software s/n's, etc., in EN. But I also thought I had a relatively strong password for EN. They're erring on the side of caution by forcing a global pw reset. I do store things like financial statements, check stubs, tax papers., etc., in EN, so am feeling quite vulnerable right now. I guess my point is I need some reassurance that 1PW is doing all it can to keep something like this from happening to its users. And yes, I use a totally different and (IMHO) VERY stout pw for iPW.
Comments
-
Similar concern with a twist - your old board had a question as to if WiFi sync was going to be reimplemented as opposed to needing to use dropbox, etc. So, this hack does renew that concern. I have used your product for some time, but had not realized that the Ap Store was hawking a new version. Before I jump, I want to be sure I can sync without reaching out to some (untrusted) cloud. And, I also am curious as to the piece of your product that resides on my MacBook - do I need to purchase a new version there? Thanks.
0 -
Agreed. Reliance on a third party (even one as "reliable" as Dropbox) to me adds another level risk for compromise.
0 -
From the moment we designed the Agile Keychain data format we ensured that it was able to withstand an attack should your data fall into the wrong hands, either as a result of a Dropbox breach or if someone physically stole your computer. As such, we use AES encryption along with PBKDF2 key strengthening to protect your sensitive data. Please do be sure to read our document on this:
Security of storing 1Password data in the cloud
As long as you use a secure master password that you don't use elsewhere, your 1Password data is incredibly safe even when stored on a service like Dropbox. If you're not sure about the strength of your master password, please do take review our tips for creating strong, memorable master passwords.
I can't think of many better ways to show just how strongly your 1Password data is protected from sophisticated, targeted attacks than by pitting it against the pre-eminent password cracking tool John the Ripper. That's exactly what we did, and you can read about it in the aforelinked blog post. :)
If you are still feeling cloud averse, USB syncing is also available.
I hope that helps you make an informed decision. Please let me know if there is anything else I can help with.
Cheers!
0