Dropbox sync safe?
Question security gurus!
Is Dropbox sync safe? Or does it add room for abuse? I didn't follow the Dropbox rumors of its own service being hacked, and who knows if it happened. Even if they were not hacked, eventually they will be, and/or some employee could accidentally or maliciously leak information. If that happened, folks who synced their 1Password accounts via Dropbox would have their master 1Password database leaked.
Of course, that is protected by your own master password, but it would give a hacker the file, and if they could crack your master, well, it's game over.
Thoughts? Am I being too paranoid and/or missing something?
-tdiggy
Comments
-
It doesn't matter how, or from where, a hacker obtains your 1P data vault. If he does, the only thing protecting you is a strong master password.
There are those of us who are old-fashioned enough :) not to want anything personal in the Cloud and who accordingly use Wi-Fi sync to ensure all sync is local, so that's one solution. Nevertheless, nothing overrules the key need to have a strong master password.
Stephen
0 -
Hi @tdiggy9976,
I think that with a good strong master password your data should be safe on any server. But if your master password is a 4-digit number, you may want to avoid putting that vault anywhere you don't trust.
When it comes to security, it's hard to be too paranoid. We try to make sure we give you the tools in order to make the decision that seems best for you. Personally, I keep my AgileKeychains in Dropbox.
Rick
0 -
Thank you for the responses. I put my stuff on Dropbox as well initially. My master password was good, but not outstanding, when I did. Right after I put it on Dropbox, I got paranoid and then changed my master password to something outstanding. Question: do I need to worry about Dropbox keeping a version of that old AgileKeychain with the mediocre password somewhere on their server? (i.e. I think that's how Dropbox ultimately works... they do keep old copies of files even if you overwrite or delete said file, right? In any case, I have zero trust in Dropbox as a company...)
0 -
Hi @tdiggy9976
Dropbox does do revisioning and allow for undeletes, 30 days for normal accounts I believe. However, you can permanently delete files and folders if you wish; here's a link to their help page, and the part you want is titled "Permanently delete files".
Of course, if we're talking about being worried about old versions of existing files, you'd have to be willing to be a bit more brutal, I'm afraid.
You'd need to:
- Disable Dropbox syncing on all your devices.
- Delete all AgileKeychains.
- Follow the guide I've linked you to and ensure all AgileKeychains are permanently deleted.
- Re-enable Dropbox syncing (which will create a brand new AgileKeychain).
0