Security of attachments in notes

one nice feature in 1password is the ability to attach files with notes. i keep my passport pictures in 1password. now when i need to view them i HAVE to download them to my hard drive to view them there.that is insecure ,they can easily recovered from there even if deleted ,especially with SSD hard drives.
1password have to be able to preview them in the window.

Comments

  • MikeT
    edited August 2014

    Hi @docesam,

    That is something we plan to implement in a future update if we can do it securely. You may find this other thread interesting to read.

    Keep in mind that displaying it in a separate window doesn't avoid the disk, it can still hit the disk decrypted as the file must be decrypted fully somewhere to see the binary data.

    There are some ideas we want to try to avoid the disk as much as possible, including some suggestions by the users here like the use of RAMDisk but that might be too complex to maintain.

  • docesam
    docesam
    Community Member

    RAM is very cheap , can't just decrypt in memory?

  • svondutch
    svondutch
    1Password Alumni
    edited August 2014

    @docesam‌ Yes we can decrypt in memory, but we cannot view it unless...

    1. we write it out to disk and then feed it to the default editor for this file type, or...
    2. include a full-fledged document viewer into 1Password, which is where we do not want 1Password to go :(
  • RichardPayne
    RichardPayne
    Community Member

    I wonder if they are any RamDisk components that would give you complete control of the creation, use and destruction of a RamDisk. Might make a user-simple alternative.

  • @RichardPayne‌ This might be a way to go and we'll certainly consider it.

    @docesam‌ This entire topic isn't an easy one, but we always try to put as much control in the hands of the user as possible. The thread my colleague Mike linked to is a good read, you should take a look.

  • docesam
    docesam
    Community Member
    edited August 2014

    if you use a ramdisk a malware can read that because a ram disk appear in windows explorer.
    no/yes ?

    if you leave it without implementing a photo viewer the user will be forced to save it to the hard disk which is not secure.

    the fact is security is not easy and i feel that a viewer is "mandatory".

  • RichardPayne
    RichardPayne
    Community Member

    if you use a ramdisk a malware can read that because a ram disk appear in windows explorer. no/yes ?

    Correct

    if you leave it without implementing a photo viewer the user will be forced to save it to the hard disk which is not secure.

    Correct

    the fact is security is not easy and i feel that a viewer is "mandatory".

    Viewer for what though? I sort of agree that images files would be nice to handle as they are common, but what about PDF? Or Xls? Or Doc? Or any of the other myriad file formats out there. They can't write a viewer for everything so we need a generic way to view using the Windows registered viewer. While yes, a RAM Disk can be viewed by malware if would have a very small window of opportunity and the disk would exist only for the length of time the file was open.

  • docesam
    docesam
    Community Member

    I don't know about other but for me i store images not because they are a nice pictures of my baby ,but rather because they are pictures of important documents.so i guess that is the type that should be implemented.
    if however you want to implement other file types that will turn your program into something like a more malware-proof version of trueCrypt ! not sure how that goes for others and you need a poll to tell how people are using 1password.

  • Hi guys,

    1Password is a password manager and a secure identity manager that happens to support file attachments for its items but it is not built to be an app to access all of your files securely. That's why it is not a file encryption app, there are other apps that can do that job better than 1Password.

    We are investigating for the best solution for this to let you view the most common formats within 1Password's container as much as possible, it could mean using a RAMDisk-based solution or building our own integrated viewer as long as it doesn't take up too much time and efforts. We want to be able to do this but we're not going to go beyond that to try to be the single app that does everything. 1Password will remain as lean as possible to focus on its core tasks, nothing more than that.

This discussion has been closed.