DropBox Security

I have just set-up 1Password + Dropbox to sync my keychain and found it very impressive. However, I have one concern about security. I feel uncomfortable knowing that my data is apparently now being stored on a third party server somewhere in the world in a place I do not know. Can anyone reassure me that these fears unfounded please?

Comments

  • Hi SeaGull, welcome to the forums.

    You have a valid concern. There are actually two different encryptions being done before your data is sent to the cloud/Dropbox or as you say, third party servers. Your 1Password keychain is always encrypted by 1Password, even before Dropbox comes into the picture. So even if hackers break into your Dropbox folder, they still have to deal with the encryption in your keychain. Now Dropbox does the same thing, everything in the Dropbox folder is automatically encrypted by Dropbox before it uploads it to the Dropbox's servers or as we know it, the cloud. The only time the data is decrypted is when you enter the password to unlock the keychain, and that is on your machine first, not live on the cloud.

    Of course, none of those encryptions will ever help if you use a weak password as the master password for 1Password and for your Dropbox account. If you use a password like "1234", all hackers have to do is enter 1234 to log into dropbox site, copy the keychain file over and unlock it with the same password "1234". So always follow the strong password policy when it comes to creating your passwords.

    Here's some information about Dropbox's security:
    https://www.dropbox.com/help/27
    and the information about our keychain's security:
    http://help.agile.ws...ain_design.html

    If you want even more information about both the Wi-Fi and Dropbox Syncing:
    http://help.agile.ws...is_syncing.html

    I hope that helps with your concerns.
  • SeaGull
    SeaGull
    Community Member
    MikeT wrote:

    Hi SeaGull, welcome to the forums.

    You have a valid concern. There are actually two different encryptions being done before your data is sent to the cloud/Dropbox or as you say, third party servers. Your 1Password keychain is always encrypted by 1Password, even before Dropbox comes into the picture. So even if hackers break into your Dropbox folder, they still have to deal with the encryption in your keychain. Now Dropbox does the same thing, everything in the Dropbox folder is automatically encrypted by Dropbox before it uploads it to the Dropbox's servers or as we know it, the cloud. The only time the data is decrypted is when you enter the password to unlock the keychain, and that is on your machine first, not live on the cloud.

    Of course, none of those encryptions will ever help if you use a weak password as the master password for 1Password and for your Dropbox account. If you use a password like "1234", all hackers have to do is enter 1234 to log into dropbox site, copy the keychain file over and unlock it with the same password "1234". So always follow the strong password policy when it comes to creating your passwords.

    Here's some information about Dropbox's security:
    https://www.dropbox.com/help/27
    and the information about our keychain's security:
    http://help.agile.ws...ain_design.html

    If you want even more information about both the Wi-Fi and Dropbox Syncing:
    http://help.agile.ws...is_syncing.html

    I hope that helps with your concerns.




    Hello MikeT

    Thanks for taking the time to give such a detailed reply!


    Regards

    Seagull
This discussion has been closed.