Secure Share of Notes

martijnleopold
martijnleopold
Community Member

I'm looking for a way to pass someone a password in a secure way. In 4.0 there is the Share option, but as written on the website this is just an obfuscated version of the note or password. Anyone that can see the shared note passing can, by installing 1Password, see the plain text version as well. Given the focus on security this makes little sense to me, and I think gives a lot user a false sense of security.

I would really like to use this feature, but then in combination with a password on the crypted url. This allows me to agree on a password for communication once, and then pass the notes securely. Can this be added, is there already a way, or do I misunderstand the share function?

Kind regards,

Martijn

Comments

  • Megan
    Megan
    1Password Alumni

    Hi @martijnleopold,

    Thanks for your feedback here! If you haven't already, please take a read-through our security expert's post on Understanding Sharing. If you're still not comfortable with sharing this way, and you anticipate sharing multiple times with the same person, you might want to consider sharing a non-primary vault.

    That being said, our developers are always looking for ways to beef up our security, and I'll be sure they hear your suggestions.

  • martijnleopold
    martijnleopold
    Community Member
    edited December 2013

    Hi Megan,

    Thanks for the reply and the pointers. The understanding sharing article exactly outlines the problem, the channel needs to be secure and the traces need to be deleted. The last point is my main concern, most of our team members keep a log of all iMessage conversation, never delete emails and e.g. Skype holds a long history. TimeMachine and other backup mechanisms also add to the lifespan of a message. We do this with good purpose, as not to lose our own history.

    With a small company we use shared vaults and shared KeyChains, but as we grow the number of shared points becomes quite large. With 15 people sharing with the others (quite some people create password for e.g. servers) the theoretical number of boults would be 14*15, with as many shared passwords.

    Martijn

  • Megan
    Megan
    1Password Alumni

    Hi @martijnleopold,

    Thanks so much for describing your use case here. When dealing with issues surrounding sensitive information, it's always a tricky balance between security and convenience, and we do our best to find an agreeable middle-ground. I'll be sure to pass this along to the developers - a more secure single-share alternative could be a very useful feature! :)

This discussion has been closed.