My threat model has changed such that highly-sensitive info is no longer suitable for storage in 1password. Specifically I need to protect against
Before I get an onslaught of responses indicating that the responsibility lies on me to use a secure device/environment, that's easier said than done. Most of my data is low sensitivity and I'm happy to take the risk with that. Other data is highly-sensitive and requires additonal protection/layers. I do not want to keep highly-sensitive data alongside low-sensitive data.
Thus I have deleted highly-sensitive data from my account, or added more protection (e.g., moving TOTP keys outside 1password, to a hardware device).
I will acknowledge that the correct solution is to rotate rather than destroy (e.g. rotate TOTP keys). But that's not what this question is about.
I need to ensure the highly-sensitive data is 100% deleted and unrecoverable in the case of account compromise.
Can you elaborate on the following questions:
1) When I delete an item, what is the policy around hard deletion? It seems like items are still recoverable for over a year.
2) When I View Recently Deleted Items -> Destroy Item , what guarantees can you give me that the item has in fact been wiped from disk. I'm interested in the details here, and feel free to refer me to your cloud provider's documentation.
3) How can I wipe/destroy an item's history. When I go to item -> Item History I there's a button to view but not destroy the historic version.
4) What is the advice around storing data of different sensitivity levels with 1password? I want to be able to use 1password to unlock low-sensitive information in insecure environments (like a possibly compromised machine/public space) but also use it to unlock high-sensitive information in secure environments (like a hardened machine at home). Consider this a feature request. You could do this by double-encrypting highly-sensitive information with a second master password for example.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided