Feature Request: manually drop my keychain file
Please allow users to manually drop my keychain file again or create a WiFi sync for android. I will not upload a password keychain to the cloud. Even if the master password is a 27+ character passphrase. I am concerned that many users wont think of the critical risk level uploading a password keychain to the cloud presents.
Comments
-
I agree with above comment. I'm syncing with Dropbox because there isn't another option. But it doesn't feel very safe.
0 -
I can't make any promises about what alternative sync mechanisms will become available in the future, but we certainly would like to give people more choice and control over their own data.
I should point out that 1Password provides end-to-end encryption. Your data is encrypted with keys derived from your Master Password. Only you know your Master Password and neither us nor Dropbox nor anyone who has access to your data on Dropbox ever sees those keys or your Master Password. Quite simply, we are not relying on Dropbox security for your data privacy.
We assume that attackers will be able to capture your encrypted 1Password data, whether it be from your own disks (for example if your computer is stolen) or if they retrieve it off of a sync service. 1Password is designed with that threat in mind. This, really, is what encryption is all about. It allows you to keep information private even when it is sent over an insecure channel or stored on an insecure device.
I know that it is a very long discussion, but you may wish to look at the discussion that began last June as a follow-up to our article on the NSA PRISM program. Note that much has happened since that discussion. We have revived WiFi sync in 1Password 4, and we've advanced in rolling out a new data format which is less filesystem intensive, and we enabled non-Dropbox synching for some platforms. Again, I can't make any promises about what will reach Android or when, but I hope you see that much of the under-the-hood redesign of 1Password 4 does open the door to more synching mechanisms.
Cheers,
-j–-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com0 -
Thanks for the response. The end-to-end encryption is a great benefit to the security of our passwords but it's not 100% secure. I'd feel a lot better about 1Password creating their own sync servers though I understand that's a huge undertaking. Having worked in the network security field for nearly a decade I don't trust Dropbox's security off hand.
Still, the beta is a huge improvement from the Reader app so kudos overall.
0 -
Thank you for that vote of confidence @foresme!
There was actually a time in the distant past when we attempted to run our own sync service, My1Password. I'm not saying that it won't happen again, but as you note, it would be a huge undertaking.
One of the many issues is how to guaranty that we would never have the opportunity to see your Master Password as you authenticate to the service. With people using Dropbox, we most certainly hope that nobody is using the same password for Dropbox login as for their 1Password Master Password, but we couldn't really expect people to maintain two 1Password passwords. (There are protocols to handle this, but they rely on some other assumptions.) Quite simply, we don't ever want to be put in the position that Lavabit was put in. So we have to ensure that things are set up so that there isn't even a way in which we could be coerced into evil.
Of (almost) any sync service can be coerced into doing evil, but nobody (but you) can be coerced into revealing your Master Password. We'd like to keep it that way.
There are protocols that would solve that particular problem, but this illustrates the kind of issue we would have to consider in offering a sync service. And again, I'm not saying it won't happen, but it would be a lot to do.
Personally, I'm hoping that Tahoe-LAFS succeeds (and Andriod and iOS APIs are developed) so that we could offer people the ability to sync over that.
0