Is It Possible To Also Encrypt URLs In The 1Password Keychain?

clockworks
clockworks
Community Member

As you know, 1Password does not encrypt certain information in the 1Password Keychain. Among those is the URL for the site that the (encrypted) username and password belong to.

Now, it should also be known that Dropbox (the company) has the ability to look into everybody's account and read the Data that is stored there. I'm not saying that they do that to spy on anybody, but they do it to create previews of word documents for example, that are opened automatically by their service on a regular basis (you can read all about it here: http://www.pcworld.com/article/2048680/dropbox-takes-a-peek-at-files.html ). After this became public Dropbox changed the process that creates previews to not leave any traces. But they are still opening the documents.

I like Dropbox synching for the convenience and cross platform compatibility, but it makes me feel uneasy knowing that they can take a look at the 1Password Keychain and see in plain text at which sites i have an account. On most sites the username has been replaced by the E-Mail Adress which they also know, since it is my Dropbox username. Those are already 2 important pieces of information for a potential attacker. The attacker doesn't even have to be a Dropbox employee. It could be anyone who manages to hack into my Dropbox account.

Last but not least, knowing at which sites i have an account can also be used for targeted ads, spam or in scam attempts.

I read somewhere, that 1Password does not encrypt this information because it would slow down the App. If this is the only reason i would be willing to make this tradeoff.

Anyway, I would certainly feel safer if 1Password at least gave me the option to also encrypt the URLs in the Keychain file.

Comments

  • thightower
    thightower
    Community Member
    edited November 2013

    I read somewhere, that 1Password does not encrypt this information because it would slow down the App.

    Correct, if I remember correctly.

    Anyway, I would certainly feel safer if 1Password at least gave me the option to also encrypt the URLs in the Keychain file.

    Thats coming in a future update to the keychain. You can use it now if you only use iOS and Macs by using iCloud for syncing. If you need Dropbox for cross platform etc. The new keychain type is set to be rolled out only after Windows and Android systems are update to v4.
    Both have entered beta testing or will soon, from some of the chatter I have heard via Twitter and the 1P blog. At any rate beta signups are being accepted for both platforms.

    My point being it should only be a matter of time before we see the new keychain. Now trying to compare apples to oranges here. I would hazard a guess of at least 6 months, but again its only a wild guess.

    Here is some information on the new keychain 1Password 4 Cloud Keychain Design

    vs 1Password 3 Keychain

  • sjk
    sjk
    1Password Alumni
    edited November 2013

    Hi, @clockworks.

    About the Cloud Keychain format and its rollout that @thightower mentioned, here's related information from @MikeT:

    The iCloud sync is using our latest cloud keychain format with the latest security improvements. Right now, the Dropbox sync is still using the older 1Password 3 compatible format for compatibility reasons with other 1Password apps. We'll phase out the older format when the rest of 1Password 4 apps are released.

    >

    You can also find my post here useful.

    Specifically about URL encryption, from @jpgolberg's post:

    Moving from the Agile Keychain Format to the 1Password 4 Cloud Keychain Format means that we can also encrypted Title and URL (among a few minor items).

    There's plenty of juicy information in that post, topic, and others it refers to that you might find interesting and worthwhile. :)

This discussion has been closed.