Protecting 1Password when one device stolen
I have 1Password on iPhone, iPad and MacBook Air which I have with me and on an iMac which has just been stolen from my home. I have delinked the stolen device from Dropbox and have changed my 1Password master password on my MacBook Air which is connected to the internet. Is there more I need to do to protect my passwords?
Comments
-
The first thing to remember if your computer or device is stolen are the simple words, “don’t panic.” The fact that you have been using 1Password already means that you’ve done 90% of what you need to do to protect your data. All the actions described here are just extra precautions.
Your 1Password data is safe from known attacks. But we also need to be concerned about attacks that we don’t know about. So it would be a good idea to change your Dropbox password quickly after discovering that your iPhone has been stolen. Your 1Password master password is actually the kind of thing that should be made strong from the beginning and rarely changed, but you may wish to change that as well.
If you have your iCloud account set up on that iMac, you may also try the Remote Wipe feature. This is a good thing to try if your computer or device is stolen, but keep in mind that anyone who would launch a sophisticated attack against your computer or device would know to either keep it disconnected from the Internet or remove the SIM card first to foil Remote Wipe and Find My iPhone.
In the vast majority of cases of a stolen computer or device the thief is far more interested in selling the device than the data it contains. Once they see that it is password protected, they will just wipe it themselves. But we aren’t only interested in the vast majority of cases. We have designed 1Password to withstand sophisticated attacks as well as casual ones.
If we can be of further assistance, please let us know. We are always here to help!
0 -
Hi, I have similar concerns: I have Dropbox running on several computers: if someone copied my Dropbox 1Password.agilekeychain file, would that give them the ability to get to my data??
0 -
if someone copied my Dropbox 1Password.agilekeychain file, would that give them the ability to get to my data??
No. They would need your Master Password to access the data just like you need it to access it yourself.
From the moment we designed the Agile Keychain data format we ensured that it was able to withstand an attack should your data fall into the wrong hands, either as a result of a Dropbox breach or if someone physically stole your computer. As such, we use AES encryption with PBKDF2 key strengthening to protect your sensitive 1Password data as well as many other mechanisms to stop an attacker from ever accessing your information and we detail this here:
Security of storing 1Password data in the cloud
So, as long as you use a secure master password that you don't use elsewhere, your 1Password data is incredibly safe (even when stored on a service like Dropbox). If you're not sure about the strength of your master password, please do take a look at our recent blog post on this:
Toward Better Master Passwords
I can't think of many better ways to show just how strongly 1Password protects your data than by pitting it against the pre-eminent password cracking tool John the Ripper. We did exactly that:
1Password is Ready for John the Ripper
It is good that you are thinking about these things. Please let me know if you have any other questions or concerns.
Cheers!
0 -
Thanks for your clear and reassuring messages, Social Choreographer.
0 -
If my computer is on and it is stolen, then what is to stop someone from accessing all my accounts that I have passwords stored for? When I go to logon to a site, it doesn't ask me for the master password every time. It just submits the username and pasword and logs into the site. Am I missing something?
0 -
Hi @ctoppel,
You can set your lock settings in Preferences > Security. There are a variety of settings here that can be customized to best fit your needs, including settings to lock 1Password on sleep and lock when the screensaver is activated. Changing the settings to lock more quickly when your computer is inactive can also help guard against someone getting a peek at your data if your computer is left unattended.
It is a matter of personal preference how you balance these settings to optimize your own security and convenience.
0