Why does 1P on Dropbox not respect the principle of least privilege?

I was disappointed to see that the release candidate still requires access to my entire Dropbox account. What reason is there to not limit access just to my 1Password keychain?

http://en.wikipedia.org/wiki/Principle_of_least_privilege

Comments

  • I suspect that since you might have a 1Password vault anywhere on your Dropbox, more general access is required.

    Of course, I haven't figured out yet how to access a second vault on the Android version as I do on iOS and Mac. But, I figure either I'm overlooking something or it's a feature that will be finished soon for Android.

  • Accessing a second vault is a feature that apparently won't come until a subsequent version for Android, unfortunately. You make a good point about the need to access two vaults, however, why does 1P create a dedicated directory for all vaults, and limit its access to just that directory?

  • Thanks for the link @ RichardPayne. The short answer for anyone else: 1Password needs this access for historical reasons, and it might be fixed / improved in the future. No promises, as is standard Agile Bits practice.

  • mverdemverde

    Team Member

    @RonHeiby‌ Multiple vault support is something that hasn't yet been implemented on Android. It is one of the more popular feature requests from our beta testers though, so you are not alone in wanting it!

    @RichardPayne‌ Thank you for posting that link!

    @EnerJi‌ While we tend to shy away from making specific promises, we do promise to keep improving 1Password! ;)

  • +1 request for Multiple Vault support on Android.

  • mverdemverde

    Team Member

    I will continue to your requests on to our development team - thank you for the feedback!

This discussion has been closed.