MacBook stolen
Hello, I am very happy with 1 Password (iMac, MacBook, iPad, iPhone) to a point that my vault is actually keeping quite important documents for me and for others not to mention various strategic logins and pwds.
In case my MacBook is stolen, I am afraid that the thief could take the time to use a password breaker to enter my vault. Is there any way to deactivate 1Password on my MacBook at a distance? I am using Dropbox to have the possibility to use 1PasswordAnywhere in order to recover access to my data, but what can be done to prevent someone from accessing my data if in possession of my laptop? Empty the vaults? How to keep access to my data? Create another one with an ultrastrong password?
Sorry if this question has already been raised, I went through the quite interesting forum discussions on 1PasswordAnywhere but I did not find anything that would solve my problem. Thanks in advance,
Big BonG
Comments
-
Hi @bigbong
I'm sorry to hear you've had your MacBook stolen, that's pretty crappy.
There is no way to deactivate or purge your vault on your stolen machine, not from within 1Password anyway. When the great minds behind 1Password designed 1Password it was with the goals of securing your data behind industry standard encryption. So the security is in how long it would take to brute force a password.
Rather than botch up an explanation I'm going to paste an excerpt from a post by Mr Goldberg.
End-to-end encryption
1Password uses what is called “end-to-end” encryption. 1Password on your computer or mobile device encrypts your data with keys that are derived from your Master Password. Those keys are never stored anywhere or transmitted. Nobody, not even us at AgileBits, ever sees those keys or your Master Password. This is why it is absolutely essential that you don’t forget your Master Password. We cannot reset it or reconstruct it. Your data can only be decrypted by you.
We designed 1Password this way from the outset because we knew that computers get stolen and services get compromised. By placing all encryption and decryption under your control, we become far less reliant on the security of any sync service.
Protecting Master Passwords
If an attacker does get hold of your 1Password data, the only feasible way for them to attempt to decrypt it would be to try to guess your Master Password. Of course, they wouldn’t sit there typing in guesses. Instead they would run automated password guessing systems against the data.
We have a long history of building mechanisms into 1Password’s data format that make it harder for attackers to guess your Master Password. When we released 1Password 2.5 in 2007 with the then new Agile Keychain data format, we added PBKDF2 so that anyone trying to run automated password guessing systems against captured 1Password data would have to perform lots of slow computation for each guess. You can read more about PBKDF2 and this aspect of our design in an older article of mine, Defending against crackers: Peanut Butter Keeps Dogs Friendly, Too. Many of the details have changed over the intervening years, but the essential concept remains the same.
Toward better Master Passwords
PBKDF2 makes it harder for those automating password guessing, but it does have limits. You need to do your part by choosing a good Master Password. Even a small improvement to a Master Password goes a long way. Adding a single truly randomly chosen digit to the end of your Master Password makes the attacker work ten times longer to guess it. Adding a truly randomly chosen word makes the attacker work thousands of times longer. Adding two truly randomly chosen words makes the attacker work tens of millions of times longer.
You will note that I emphasized the phrase “truly randomly” a few times there. That part is crucial. People turn out to be very unrandom even (especially?) when they are trying to be random. If you follow our advice in Toward Better Master Passwords, you will see how you can securely pick words at random to add to a Master Password. Hint: It involves rolling dice. It’s fun!
Basically we've assumed that somebody may gain access to your encrypted vault and it has been designed to make gaining unwanted access as hard as we can. Now if your Master Password is extremely simple and liable to fall within a simple dictionary attack then you're right to be concerned.
What to do?
If you enabled Find My Mac on your stolen device you can log into https://www.icloud.com/ and leave instructions to Erase your Mac when it next makes contact. You can do this with the following steps:
- Log into https://www.icloud.com/
- Select the Find My iPhone option
- Select the stolen MacBook from the drop down menu in the middle of the top bar which will say All Devices by default.
- Select the Erase Mac option
There may be more steps, that's as far as I was willing to go on my own devices - sorry.
Now of course, if they can access the contents of your machine they may have copied your vault to another storage device.
So really your only option is this. Use the time it might take to break a weak Master Password to start changing all of your passwords. It will be a pain in the ass but the time it takes for you to do this will be a lot less than the time it will take a determined thief intent on breaking into your vault. The fact is your stolen device will probably get wiped or the vault ignored but why take the risk?
For the future I'd recommend the following.
- Enable Find My Mac/iPhone on all your devices. It will allow you to remotely lock them or wipe them if anything goes wrong. You can actually use it for something as simple as making your iPhone beep if you've lost it in your bedroom.
- Ensure all devices have a password or passcode set. For non-TouchID devices, you can set a non-standard length PIN by turning off Simple Passcode (Settings > Passcode : Simple Passcode) and then entering a passcode that only consists of digits.
- On all Macs use FileVault if your OS X is new enough. That might mean just encrypting your account or disk encryption if you're using something like Lion or newer. This can be found in System Preferences > Security & Privacy > FileVault although its location may be different depending on which version of OS X you're running.
and of course fingers crossed you never have to go through the loss of a device.
0 -
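An added illustration of the arithmetic in the excerpt quoted above (not part of the original thread and not AgileBits code): it measures what one PBKDF2 guess costs on the local machine and computes how much appending truly random digits or dice-chosen words multiplies an attacker's work. The hash (HMAC-SHA256), the 100,000 iteration count and the 7,776-word list (five dice rolls per word) are assumptions for the sketch, not 1Password's actual parameters.

```python
import hashlib
import secrets
import time

DICE_WORDLIST_SIZE = 6 ** 5  # assumption: five dice rolls select one word (7776 words)

def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256; hash and parameters are illustrative, not 1Password's."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               iterations, dklen=32)

def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measure the cost of one guess on this machine at a given iteration count."""
    salt = secrets.token_bytes(16)
    start = time.perf_counter()
    for _ in range(samples):
        derive_key("constructed-sample-guess", salt, iterations)
    return (time.perf_counter() - start) / samples

def work_multiplier(random_digits: int = 0, random_words: int = 0) -> int:
    """How many times more guesses are needed after appending random elements."""
    return 10 ** random_digits * DICE_WORDLIST_SIZE ** random_words

def average_years_to_guess(guess_space: int, guess_seconds: float) -> float:
    """On average the right guess turns up after searching half the space."""
    return (guess_space / 2) * guess_seconds / (365 * 24 * 3600)

def pick_words(wordlist, count):
    """Pick words with the OS CSPRNG, standing in for physical dice rolls."""
    return [secrets.choice(wordlist) for _ in range(count)]

if __name__ == "__main__":
    cost = seconds_per_guess(100_000)
    for label, digits, words in [("+1 random digit", 1, 0),
                                 ("+1 random word", 0, 1),
                                 ("+2 random words", 0, 2)]:
        print(f"{label}: attacker work x{work_multiplier(digits, words):,}")
    space = DICE_WORDLIST_SIZE ** 4  # a Master Password of four dice-chosen words
    years = average_years_to_guess(space, cost)
    print(f"4 random words at {cost * 1000:.1f} ms/guess: ~{years:,.0f} years on average")
```

The per-guess time is measured on one CPU core; dedicated cracking hardware runs PBKDF2 far faster, so treat the year figure as an upper bound and rely on the multipliers.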
Hi LittleBobbyTables,
Thanks a lot for this detailed answer.
If you do not mind, I would like to go a little bit further in the hypothesis of a Mac being stolen and someone trying to break the Master Password:
You propose to take the time to change all my passwords. It makes sense. Can I do that using 1PasswordAnywhere after having deactivated in Dropbox the stolen device? And if I use 1Password on my iPad or another machine (I have a multiple license) to do so, where can I keep my new passwords? In 1Password?
In other words I suppose I can take the risk to use (my own multiple licensed) 1Password on another machine after having deactivated the Dropbox syncing on the stolen one but can you confirm ? Have you got a more systematic step-by-step procedure to propose ?
(I have to reassure you and thank you. My MacBook has not been stolen (yet) but my son's iPhone has been stolen and Find My iPhone, although perfectly configured and checked (iOS8), has shown to be absolutely useless although we tried to locate the phone from 20' after the theft. I expect the iPhone to reappear somewhere abroad. From what I read, I am not the only one to have faced such an experience).
Again thanks a lot, it is a pleasure to deal with a motivated and competent team like yours ;-)
BigBOng
0 -
First things first, I actually misread your original post a little and thought you'd had your MacBook stolen. I'm glad I misread that and you haven't had that loss.
I'm not a big user of Dropbox but here goes.
In the event of a device being stolen the first port of call is to change any passwords for email addresses you have, in particular for any the machine or device can access. You don't want the thief being able to intercept any reset password emails.
Then you'd want to log into Dropbox, head into their Settings and then the Security tab. In there you'd want to remove any authorisations you need to, if in doubt purge the list and then change your Dropbox password.
At this point you'll need to re-establish links to Dropbox for the rest of your devices.
From herein you can safely access 1PasswordAnywhere from Dropbox but given 1PasswordAnywhere is read only it is of limited use to you. What you'd really want to be doing is using a desktop or laptop if you can that you already sync 1Password to (or one you can borrow). Why a desktop or laptop? I think changing large numbers of password from a phone or tablet would result in said device being flung out a window (maybe that's just me). From here you can easily and quickly log into each site, change the password and ensure 1Password has the new one stored. As 1Password is still syncing to Dropbox (just not your stolen device as you've changed all the details), all your other devices will pick up the new passwords.
I'm not sure I'm understanding your second query - sorry. Can you rephrase it a little for me please. Meanwhile I'll go grab more coffee in case lack of caffeine is making me dense :stuck_out_tongue:
0 -
Just a little more information maybe updated information on Dropbox. When you visit the Dropbox site and unlink a device it now attempts to remove those files from the Device. It must be online and connected to the internet. So if you use something like Undercover you could wipe the Dropbox files, using Dropbox, while allowing Undercover to locate your Mac. Hopefully allowing its retrieval.
- Only available for Pro and Business Dropbox accounts.
It really depends on what your strategy is retrieval and or complete un use of the machine.
I don't know how I would feel given a set of circumstances like you mention. I would have to make it (decision) rather quick. But just putting the Dropbox wipe option out there.
0 -
Undercover is a good program. But it can't find a Mac that has FileVault enabled unless someone logs in as a user, not the Guest User. There are ways round this but they involve going through a bunch of hoops that may be too much work.
0 -
Bigbong...
You expressed some unhappiness with Apple's "Find my..." function. I have also had some difficulty but all is not lost. I did some testing and confirmed that the lock and erase functions DO work even when the location is never reported to you!
There is one caveat but I can't remember the exact details. You might wish to go to the Apple site to investigate. I think that there is a limitation that says if you lock a Mac, you can not subsequently erase it and if you erase it, you can not subsequently lock it. Again, I'm not sure if I quoted the limitation correctly but it has something to do with multiple functions can not be performed.
0 -
Thank you Plato for your suggestion, but the problem is that the iPhone did not even appear at all in the iCloud website (not even among the possible devices) although it was perfectly configured less than a week ago and the device was still in the "settings" with the IMEI number and the serial number but no possibility to activate any function like "erase" or "locate". I believe thieves know exactly what to do not to let the iPhone be connected.
Thank you,
Bigbong
0 -
My conclusion is:
I will keep 1Password synced with Dropbox (although Dropbox is not really safe) but at least if one of my devices is stolen, I can access thru 1Password Anywhere the websites where I have to change the password before a thief could possibly break my Master Password
BUT
from now on I will not keep any credit card number or strictly confidential notes on 1Password.
Thanks a lot and keep all the good work
Biggabong
0 -
Biggabong:
"but the problem is that the iPhone did not even appear at all in the iCloud website (not even among the possible devices)..."
Wow. I've never had that situation. The worst that I've had is that an item is offline but that makes sense (because it was offline). Besides, I can send an "Erase" command that will take effect as soon as the device goes online. You might try the Apple forum to see if any of the experts there have some ideas.
0 -
One thing I'd add @bigbong Not storing items such as your credit cards in 1Password is certainly a choice you can make. My personal usage of 1Password is I have everything stored in it and I'm not concerned. All those steps I recommended, those are ones off of the top of my head because I do them. If a device was missing/stolen I'd have others I could use to remote wipe the missing/stolen one. Once I get another device I may even see what happens if you remote wipe one just out of curiosity - see if you get an acknowledgement. Worst case passwords and cards can be changed, so there is little of use to anybody and you also need a very determined criminal. Most thefts will be to sell the device to some poor idiot who didn't know any better (or somebody who did and had few morals) and an encrypted file requires some determination.
0 -
Yes, you are absolutely right. My point is, in my job my laptop is absolutely strategic. I got stolen one (PC) in the old days and I have lost months of work. Now thanks to Apple and thanks to good softwares such as 1Password, I feel more secure, more organized and I have a little bit of time to anticipate on a potential problem so I am trying to figure in advance how to avoid all the incredibly time-consuming things I would have to accomplish in case... I think 1Password is great, I understood it would be even greater if, like Dropbox, it could be disconnected from another device (but I also understand technically why it can't).
Thanks a lot for sharing all this
BigbonGG
0 -
Losing months of work sucks balls. I'm sure I could have phrased that a little more eloquently but quite frankly that kind of situation is one where you start getting expressive with your language.
If you aren't already, something like Time Capsule might be a very worthy investment. I still haven't found anything that comes close to it for Windows (maybe I'm just not looking in the right places - I don't know) but it's pretty much flip and switch and it does version control and backing up for you, keeping hourly, daily, weekly and monthly backups. Quite frankly it's amazing. I feel much better knowing my machines both use it.
In the event of a theft the worst cost is that of a replacement machine, you restore the last Time Machine backup and you're good to get on with changing passwords. After that you can carry on as if nothing happened while hoping whoever was low enough to steal your machine gets instant karma and is hit by a bus.
0