Upgrading from V3 to V4 leaves unprotected password.txt file in Dropbox

Morkano2110

After upgrading from V3 to V4 and changing the sync platform from Dropbox to iCloud I found a 1password.txt file in the root directory of my dropbox, storing all my logins and passwords, nicely together :-O . Not sure if this was meant to be, but it does not come across as very secure to me. Such txt file was not in my dropbox before this upgrade. Not sure what caused it (the upgrade or change from dropbox to icloud).

Q: How secure is the cloud storage functionality really?

thightower

@Morkano2110

Are you referring to a file called ".ws.agile.1Password.settings" ? This is the only text file in the root of your Dropbox that should have ever been created.

It has never stored you password and user names in it. All it is, is a marker for the iOS app to sync to the database. If you open my text file aka marker file all it tells you is this. "1Password/1Password.agilekeychain" which means hey iOS device look inside a 1Password folder for a file called 1Password.agilekeychain in order to do its syncing.

Every user whom ran v3 had the file as v3 auto created it after a successful sync to Dropbox. Its normally hidden on the Mac, and very often only seen on the Dropbox website.

It may be best to handle this via email or here (your preference) If you choose email its support+forum@agilebits.com Sometimes more intricate details need to be given and a one on one with a support rep may help.

If you choose email please include a link to the topic so the staff can connect the dots as they say. Either way I am just a user like yourself, so wanted to give a little info, on what I could and hand it off to the staff.

Cheers.

Morkano2110

Thanks thightower. File is called 1Password.txt. Did V3 have the possibility to export plain txt files? In V4 I only see .1pif. Maybe at some point I exported but never noted this in my dropbox as there were so many 1Password files that now have disappeared after moving to iCloud? Maybe (hopefully) a more logical explanation in which case I have no reason to doubt cloud storage. But it freaked me out a bit to find all my passwords in the "open".

thightower

But it freaked me out a bit to find all my passwords in the "open".

No Doubt ! I would here as well.

Yes it did have the ability to do a .txt on export.

thightower

ps...

I would make sure to delete the file via the Dropbox web site and then show deleted files and purge the file from the Dropbox servers. I would store a copy inside 1Password just as a backup or you have further questions and so forth, at the least for a few weeks/months.

One kinda ironic note. Most ever site is recommending a password change due to HeartBleed. Now is as good a time as any to actually do that. I personally have changed a few major ones but a lot of sites are needing new certs etc.

If you want to read up on it and see 1Password's new tool then head over to the blog. http://blog.agilebits.com/2014/04/16/1password-watchtower-heartbleed-beyond/