A Loophole With Using 1Password?

LeytonBlackler
Community Member

I have just started using 1Password on my devices and I love it! I am encrypting all of my passwords using the password generator and using those for all of my accounts. Although I have thought of a possible complication. I sync my keychain to Dropbox to use it on all of my devices. If, for example, my laptop and phone are stolen, how can I retrieve all of my encrypted passwords? I know that the keychain will be on the Dropbox server and I can use the '1Password Anywhere' feature, but if my Dropbox account has a long generated password stored inside 1Password, how can I access it? I'm not sure how I would get around this as it seems like a big loop:
"Can't get passwords from Dropbox because the password for Dropbox is in Dropbox."
If anyone can think of a solution, that would be great.
Cheers,
Leyton Blackler

Comments

  • Stephen_C
    Community Member

    Just thinking outside the box, I wonder whether the 1Password Emergency Kit would help. (It's not an AgileBits product...and it's simply a piece of paper. ;) )

    Stephen

  • [Deleted User]
    Community Member
    edited October 2013

    I think the official recommendation is to simply remember the Dropbox password. Use something like a five-word Diceware passphrase.

    Also, don't treat your copy of the keychain in Dropbox as a backup. The purpose of Dropbox is to sync your data to your devices. Google "sync is not backup". Make backups of your 1Password data on external drives or CDs. If you encrypt those (in addition to 1Password's encryption) then you have to remember that encryption password as well to avoid Catch 22.

    If you DO rely on Dropbox as a backup, and don't want to remember the password, you could always reset the Dropbox password if you have access to the associated email account. You could set up a backup phone number to this email account, because you don't know its password. This phone number should not be your primary phone, of course. Buy an old Nokia and keep it somewhere safe and use your secondary phone number for it.

    Personally, I use the method of remembering the Dropbox password AND making CD backups of 1Password data.

  • LeytonBlackler
    Community Member

    Ok, I will make a file like the emergency kit idea above and lock it away. Is there any reason why using Dropbox as a form of backup is a bad idea? Because as I use more websites, the keychain constantly changes so the CD backups will become outdated.

  • [Deleted User]
    Community Member
    edited October 2013

    Well, the CD is only needed if your primary backup (Time Machine, SuperDuper, online backup) is protected by encryption/login. That's my reason for using it, at least. I only change the CD once a year or so, but that's not a problem given that I can use a few of my stored items to access the most current version of my 1Password data, which is stored in the cloud and on encrypted hard drives.

    And yes, using Dropbox as a backup is not a good idea. Google the terms "sync is not backup". Dropbox is not designed for backup uses. You should treat your data in sync as "one copy" because changes on one device (or the server) are syncing to your other devices.

    I think the most important thing is to think about different situations and plan ahead. What happens if Dropbox wipes the content of your account? What happens if your computer gets stolen? Probably that means your external drives get stolen too, including your primary backups. Can the thief access your computer, and what does that mean to your Dropbox account and its data? And so on.

  • LeytonBlackler
    Community Member
    edited October 2013

    Thanks for the answer, I understand the reasons why syncing is not an ideal backup solution. I am making a backup of my keychain and putting it on a small flash drive which I will lock away in my safe. This way I'll just have to remember my master password and can refer to the flash drive if needed (which I'll need to manually back up every so often).

  • sjk
    1Password Alumni

    Thanks for the suggestions here, guys!

    I am making a backup of my keychain and putting it on a small flash drive which I will lock away in my safe.

    If that's an "on-site" safe you might also consider storing an archive/backup of your 1Password data (depending on how crucial it is) in a trustable off-site location with relatively convenient physical access.

This discussion has been closed.