Sharing options for sensitive information.

ominous_bob
Community Member

I'm fairly new to using 1Password and this is my first time on the forums, so forgive me if this is a common question, but what is the point of having sharing options within the app? I mean I can see how some users might like and benefit from those options but as for myself, "send as plain text" is not something I want to see next to all my sensitive information. When I bought the app I did so after much research and a big upside to 1Password is that everything is stored locally and not cloud based. So worst case scenario, someone figures out my master key which, albeit unlikely, could potentially happen if I were to be lazy and use something simple like a birthday, pet's name or a single digit as my master key. But even if they were to gain access, they would have a hard time remembering any of the passwords generated within the app. They would have to either take pictures of, voice record, or write down each individual password. Or so I thought. But the sharing option makes it just that much easier for a snoop to seize more information in a shorter amount of time. I realize all of this is unlikely as they shouldn't be able to get past the master password in the first place. But stranger things have happened. And seeing as the master password is the only password a user needs to remember, it could potentially be guessed by someone they know or someone could be inconspicuously looking over their shoulder. Even if you're not concerned about people snooping around, there is still always a chance of user error. I know I've messaged and emailed someone other than the intended recipient before and I would imagine most everyone else has as well. It just seems logical that there would be an option to disable the sharing function in the app. If for no other reason than to put an end to rants like this one before they even start. :) Don't get me wrong, I love the app and it has helped me feel more secure online than ever before.
I just don't want to think about what might happen if I accidentally email or text message a bitter ex-girlfriend my bank account number, login and password information. Thank you all for your time and the work you all do. Now please kindly update your already fabulous app. :)

Comments

  • Ben

    Hi @ominous_bob

    That is quite the scenario there. :) So, in order for this to happen, someone would A) need access to your device, B) guess/know your Master Password, and C) not steal your device (I'm assuming if your device is stolen you'd take appropriate precautions anyway and change your passwords).

    If this is the case, what would prevent them from simply setting up syncing to their Dropbox account? Do we need an option to disable the option to set up syncing too?

    And if they have your Master Password what is to prevent them from simply going into the preferences and turning the "disable sharing" / "disable syncing" option OFF?

    We do appreciate the feedback, but I'd ask you to consider these counterpoints.

    Also relevant:

    Toward Better Master Passwords

    xkcd: Security

    Thanks!

  • ominous_bob
    Community Member

    Regardless of scenarios, I don't really see how you can claim to be a secure service when there isn't even an option to disable mailing or messaging passwords. You even have the option of mailing or messaging passwords as plain text. Is having the option to disable sharing my password really such an absurd request? Because I can tell you, I have never once mailed a single password and I don't plan on starting. Maybe for some people such an option is helpful. However, I'm sure I'm not the first or the only customer who feels that this feature is an unnecessary security risk. Is it really that difficult to add the option to disable sharing? We're talking about passwords. I don't share passwords.

  • prime
    Community Member

    I use the sharing option personally, and it's a big help. My wife and I both have the app and many times we emailed each other the info. How we do it is we email it, check the name on the email, and then go to the sent to make sure it was my wife who I sent it to. She tells me right away she got it as well. If you're that worried, just double check the email and check the sent email after you send it. By chance you sent it to the wrong person, then change your password for that login.

  • Jasper

    Thanks for the feedback, @ominous_bob. I’ll pass this along to our developers.

  • JamesHenderson
    Community Member

    I think if someone has your master password and access to your device, you have bigger issues to deal with than the sharing feature.

  • Fairgame
    Community Member

    Regardless of several opinions about plausibility of different scenarios, I agree with ominous_bob about an option to share info in plain text being a bad choice.
    I would prefer to have that option better protected from accidental use than it is now. It is very easy to select the wrong button when sharing a password.

    Maybe a warning pop-up with a suggestion for other, protected options might be a solution.

    On the other hand, if one needs to share a login with a non-1Password user, plain text might be the only way to do it. So this option is valid, just too easy to use by accident.
    Since there are many pros and cons to either option, I would leave the decision to AgileBits team to select the best compromise. :)

  • Megan
    1Password Alumni

    Hi @Fairgame,

    Thanks so much for sharing your thoughts here! I'll be sure to pass your feedback along to our developers.

This discussion has been closed.