Hard deletion policy

KUKA395
edited October 3 in Memberships

My threat model has changed such that highly-sensitive info is no longer suitable for storage in 1password. Specifically I need to protect against

  • local device compromise
  • 1password code compromise (via an insider or supply chain attack).
  • use of 1password in a less-than-100%-secure environment (public spaces)

Before I get an onslaught of responses indicating that the responsibility lies on me to use a secure device/environment, that's easier said than done. Most of my data is low sensitivity and I'm happy to take the risk with that. Other data is highly-sensitive and requires additional protection/layers. I do not want to keep highly-sensitive data alongside low-sensitive data.

Thus I have deleted highly-sensitive data from my account, or added more protection (e.g., moving TOTP keys outside 1password, to a hardware device).

I will acknowledge that the correct solution is to rotate rather than destroy (e.g. rotate TOTP keys). But that's not what this question is about.

I need to ensure the highly-sensitive data is 100% deleted and unrecoverable in the case of account compromise.

Can you elaborate on the following questions:

1) When I delete an item, what is the policy around hard deletion? It seems like items are still recoverable for over a year.

2) When I View Recently Deleted Items -> Destroy Item, what guarantees can you give me that the item has in fact been wiped from disk? I'm interested in the details here, and feel free to refer me to your cloud provider's documentation.

3) How can I wipe/destroy an item's history? When I go to item -> Item History there's a button to view but not destroy the historic version.

4) What is the advice around storing data of different sensitivity levels with 1password? I want to be able to use 1password to unlock low-sensitive information in insecure environments (like a possibly compromised machine/public space) but also use it to unlock high-sensitive information in secure environments (like a hardened machine at home). Consider this a feature request. You could do this by double-encrypting highly-sensitive information with a second master password for example.

Much appreciated.
Anon


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Ben AWS Team

    Team Member

    Hi @KUKA395

    Our security team would be in a much better position to engage on this directly. If you'd like, you can reach out to them at [email protected]. To avoid having to repeat yourself, you can include a link to this forum post for them to refer to.

    I hope that helps!

    Ben

  • Hi @Ben

    Are there any problems adding answers to @KUKA395's questions here?

  • ag_ana

    Team Member

    I think Ben suggested to reach out via email to get a faster answer, since the security team can be contacted directly over there :+1:

  • local device compromise

    AKA using 1Password, personal vaults, on a corporate device.

  • Ben AWS Team

    Team Member

    Certainly if you know or suspect your employer monitors activities on their devices in ways you wouldn't want your personal data monitored, it would be prudent to avoid accessing personal data (1Password or otherwise) on such a device.

    Ben
