Question about encryption
I use Time Machine to backup my Mac to an external hard drive connected to my router. As a result, I assume that my 1Password backup file is included in these Time Machine backups. If that is right, am I also right that anyone that is connected to my network or that is able to hack my network drive would then have access to this backup file and they would be able to use it to restore 1Password as long as they had my master password, i.e., that the sole thing protecting me is my master password?
Comments
-
Hi @RMSko,
I assume that my 1Password backup file is included in these Time Machine backups.
Your 1Password data and backups are located at:
~/Library/Containers/2BUA8C4S2C.com.agilebits.onepassword-osx-helper/Data/Library/(Mac App Store version)~/Library/Application Support/1Password 4/(AgileBits website version)So if those locations are included in your Time Machine backup, then your 1Password data will be there too.
am I also right that anyone that is connected to my network or that is able to hack my network drive would then have access to this backup file and they would be able to use it to restore 1Password as long as they had my master password
If your network is password protected, and hard drive is encrypted, it obviously wouldn't be easy for someone to gain access to the contents of the drive. But if someone did, your 1Password data file and backups are still encrypted using your master password. Though if someone has you master password then they would be able to decrypt your 1Password data.
that the sole thing protecting me is my master password?
Basically, yes. If someone knows your master password, they can access your 1Password data. That's the same way you access it.
But as long as you have a strong master password, your data is very secure. AgileBits assumes that an attacker will be able to capture your encrypted 1Password data, whether it be from your own disk or if they retrieve it off of a sync service. 1Password is designed with that threat in mind. This, really, is what encryption is all about. It allows you to keep information private even when it is sent over an insecure channel or stored on an insecure device. Your data file is encrypted with AES and it would be extremely difficult (approaching impossible in a human lifetime) for them to actually gain access to your passwords without your strong master password.
If you're interesting in learning more about your 1Password data's security, check out these links:
Security and Design Overview
1Password is Ready for John the Ripper
But it really does all come down to your master password. The best protection for your 1Password data is a strong and unique master password.
Toward Better Master Passwords
Better Master Passwords: The geek edition
Hope that helps! :)
0 -
Thanks, this is extremely helpful. I do have a strong MP so I think I'm okay. Interestingly, I'm not able to find the 1Password backup file in my Mac Time Machine backup. I find it in Finder under Library/Application Support/1Password 4, but when I go to my Time Machine backup and navigate to the same Application Support folder, I don't see any folder or file for 1Password. Any thoughts?
0 -
Ignore the prior post. I was looking in the Macintosh HD Library instead of my individual user Library.
0
