Secure Share of Notes
I'm looking for a way to pass someone a password in a secure way. In 4.0 there is the Share option, but as written on the website this is just an obfuscated version of the note or password. Anyone that can see the shared note passing can, by installing 1Password, see the plain text version as well. Given the focus on security this makes little sense to me, and I think gives a lot user a false sense of security.
I would really like to use this feature, but then in combination with a password on the crypted url. This allows me to agree on a password for communication once, and then pass the notes securely. Can this be added, is there already a way, or do I misunderstand the share function?
Kind regards,
Martijn
Comments
-
Hi @martijnleopold,
Thanks for your feedback here! If you haven't already, please take a read-through our security expert's post on Understanding Sharing. If you're still not comfortable with sharing this way, and you anticipate sharing multiple times with the same person, you might want to consider sharing a non-primary vault.
That being said, our developers are always looking for ways to beef up our security, and I'll be sure they hear your suggestions.
0 -
Hi Megan,
Thanks for the reply and the pointers. The understanding sharing article exactly outlines the problem, the channel needs to be secure and the traces need to be deleted. The last point is my main concern, most of our team members keep a log of all iMessage conversation, never delete emails and e.g. Skype holds a long history. TimeMachine and other backup mechanisms also add to the lifespan of a message. We do this with good purpose, as not to lose our own history.
With a small company we use shared vaults and shared KeyChains, but as we grow the number of shared points becomes quite large. With 15 people sharing with the others (quite some people create password for e.g. servers) the theoretical number of boults would be 14*15, with as many shared passwords.
Martijn
0 -
Hi @martijnleopold,
Thanks so much for describing your use case here. When dealing with issues surrounding sensitive information, it's always a tricky balance between security and convenience, and we do our best to find an agreeable middle-ground. I'll be sure to pass this along to the developers - a more secure single-share alternative could be a very useful feature! :)
0
