Auto Destruction after x wrong password attempts

Reventon
Community Member

Hi, I am new here but not really new to 1Password. I have been using this app for quite some time, from the 1st gen of the iOS app until now with 1Password 4. The only missing app is on my Android devices, so I have to use another app, mSecure, on that platform.
One thing I found nice to have in mSecure is the Auto Destruction mode after a few wrong password attempts, which really gives me peace of mind when saving sensitive data in the app.
As I have read in the post here http://discussions.agilebits.com/discussion/comment/2825#Comment_2825 , I think the Dropbox and iCloud sync should be able to make this possible. mSecure uses live sync, so whenever there is a new input or edit, it will auto sync with Dropbox live. So even accidentally deleted data can easily be synced back from the Dropbox backup file.
I seriously hope the 1Password team will implement this auto destruct function in the coming update. Then I will be a really happy user of 1Password. Most of my Android friends are considering using 1Password on Android once released, but they are on the fence because there is no Auto Destruct function like mSecure's. This is the only missing important feature in this almost perfect app!

Comments

  • Megan
    1Password Alumni

    Hi @Reventon,

    Thanks so much for adding your thoughts on this subject. Khad has written a very detailed post on this subject and I think he addresses several of your key concerns, so I'll quote him a bit here.

    First of all, there is the concern that a feature like this will give you the illusion of security without actually increasing your security.

    Self-destruct mechanisms are also easily defeated unless running on a very tightly controlled operating system. (So these would be possible on iOS, but not on the Mac or Windows). The easiest way to defeat such a mechanism is to write a separate program that doesn't use 1Password at all but still tries to break into your 1Password data.

    Basically, if a sophisticated attacker were to get their hands on your 1Password data, they wouldn't be trying to manually enter passwords through the 1Password app, which would render the destruct sequence useless.

    You also shouldn't underestimate the strength of the encryption of your data. If your master password is reasonably okay, the time it would take to automatically guess and test enough master passwords to come close to getting yours is literally astronomical. That is, we are talking about measuring the time in terms of the age of the universe.

    You can read all about 1Password's encryption here: http://learn.agilebits.com/1Password4/Security/PBKDF2-overview.html.

    I hope this helps to explain why we don't have such a feature enabled, but I'd be happy to answer any further questions you might have!

  • Reventon
    Community Member

    Perhaps it does not guarantee anything about added security, but it's another great-to-have feature to build in. It lets users choose what level of security they need. A great app is something that lets users customize it to their preference, right? I hope this is taken into consideration. There are several posts by 1Password team members about this, which means there are people who want this as well. :)

  • jpgoldberg
    1Password Alumni

    Hi @Reventon!

    We tend to be reluctant to add features that only create the illusion of additional security without actually creating additional security. Not only is such deception bad in and of itself, it can lead to less secure behavior. For example, if someone thinks that their data is protected by such a mechanism, they may choose a weaker Master Password than they ought to.

    It's great that you are thinking about such security measures. And I'm delighted that you are asking about this, and I enjoy the opportunity to point out that the kinds of attacks that people may imagine are not the same as the kinds of attacks that we actually need to defend against.

    If someone gets a hold of your 1Password data, they do not need to use our software to try to open it. That is, a professional attacker (the only kind we need to worry about) won't be typing guesses into the 1Password software itself. Instead they will be running their own automated password guessing software against the raw 1Password data. They will be doing so on their (specially built) computers for fast password guessing.

    Here is an (older) article that discusses how such password crackers work and what they mean for 1Password in general and here is a more recent one talking about how the latest versions stand up against the most recent crackers.

    Again, the point here is that we are defending against the meaningful threats, and putting in something that would make people (incorrectly) think that a weak Master Password is good enough would go against those efforts.

    Finally, let me point out the dangers of such a wiping system. Would you want someone to be able to maliciously (or even accidentally) wipe your data? For me, the loss of my 1Password data would be catastrophic. I'm not sure that I would want my data so easily destroyable.

    I would like to encourage people to think about their security and to offer suggestions as you have been. So please continue to do so despite the fact that we will sometimes say "no" to some suggestion.
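
The point both staff replies make, that a wrong-attempt counter belongs to the app and not to the data, shown as an added example (not part of the thread and not 1Password's code). The toy vault record, `WipingApp`, the SHA-256 PRF and the iteration count are assumptions made for the demo.

```python
import hashlib, hmac, os

ITERATIONS = 10_000  # assumed for the demo, not 1Password's real setting

def derive(password, salt):
    # PBKDF2 key stretching: every guess costs ITERATIONS HMAC rounds
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_vault(password):
    """Constructed toy record: random salt plus a password-derived verifier."""
    salt = os.urandom(16)
    return {"salt": salt, "verifier": derive(password, salt)}

def check(vault, password):
    """Depends only on the stored bytes; no attempt counter exists here."""
    return hmac.compare_digest(derive(password, vault["salt"]), vault["verifier"])

class WipingApp:
    """Hypothetical front end that destroys its own copy after max_tries failures."""
    def __init__(self, vault, max_tries=3):
        self.vault, self.failures, self.max_tries = vault, 0, max_tries

    def unlock(self, password):
        if self.vault is None:
            return False
        if check(self.vault, password):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_tries:
            self.vault = None  # the wipe removes this app's copy only
        return False

def years_to_search(entropy_bits, guesses_per_second):
    """Average time to find a password: half the keyspace at the given rate."""
    return (2 ** entropy_bits / 2) / guesses_per_second / (365.25 * 24 * 3600)

def demo():
    master = "correct horse battery staple"   # constructed sample password
    vault = make_vault(master)
    synced_copy = dict(vault)    # e.g. the copy kept by Dropbox sync or a backup
    app = WipingApp(vault)
    for wrong in ("guess1", "guess2", "guess3"):
        app.unlock(wrong)
    return app.vault is None, check(synced_copy, master)

if __name__ == "__main__":
    print(demo())
```

What protects the copied data is the cost of each `derive` call multiplied by the strength of the Master Password, which `years_to_search` lets you estimate for whatever entropy and guessing rate you assume.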

This discussion has been closed.