If using dropbox sync, is it OK to manage my dropbox password with 1password?

rhyt
rhyt
Community Member
in Mac

Something in my mind is telling me this is a bad idea. But I can't quite come up with the scenario to prove it. So I'll ask the experts... Are there any reasons why this would be a bad idea?

Comments

  • Megan
    Megan
    1Password Alumni

    Hi @rhyt,

    I sync my data via Dropbox and my Dropbox password is stored in 1Password. However, I've made sure to use Diceware when generating the password so that it is easily memorable (and type-able) in case I do not have access to 1Password on any of my devices and need to view my database. You can read more about Diceware passwords here: Towards Better Master Passwords.

    If you're concerned about security, we are very confident about storing 1Password data in the cloud, as your data file is encrypted with an exceedingly secure encryption algorithm called AES. Even if someone were to acquire a copy of your 1Password data file, it would be extremely difficult (approaching impossible in a human lifetime) for them to actually gain access to your passwords without your Master Password. In short, we believe it is just as secure as having the data on your laptop. To learn more about cloud data security, have a read through the following article.

    http://help.agilebits.com/1Password3/cloud_storage_security.html

    And you can see the thoughts behind our data format's design here.

    http://learn.agilebits.com/1Password4/Security/keychain-design.html

    Also, you can check out our blog for many more articles that go into the nitty gritty math behind what makes 1Password so secure.

    http://blog.agilebits.com/tag/cryptography_/

  • rhyt
    rhyt
    Community Member

    Thanks! I was not concerned about putting my data in the cloud, but putting my dropbox password inside dropbox seemed a bit like locking your keys in the car.

    For example, if the dropbox password was not memorizable, then the only way to get into dropbox would be through 1Password, which is itself dependent on getting into dropbox. (Or is it? See explanation below...)

    Ultimately, my concern was about how tightly coupled 1Password is to dropbox. If 1Password was unable to sync for some reason (or if it hadn't been been synced in a long time, etc) is there any situation in which 1Password would deny me access to the locally cached password database? Regardless of how outdated it might be.

    Thanks again for your helpful response. Using Diceware for dropbox resolves any concern I had, but I'm still curious about the question above.

  • Jasper
    Jasper
    edited April 2014

    Hi @rhyt,

    As long as you know you master password, you can always access your local 1Password data without access to Dropbox (or access to the internet).

    But like Megan said, it's still a good idea to use Diceware and create a memorable Dropbox password anyway. :)

  • rhyt
    rhyt
    Community Member

    JasperP, thanks for the additional clarification.

  • Jasper
    Jasper

    You're welcome! Please let us know if you have any other questions. We're always here to help! :)

This discussion has been closed.