Security question: 1PW w/ Dropbox vs. Web-based

goterps95
Community Member

Hey all:
Looking for a little education or links here. I'm a long-time 1PW customer and love the product. I have been reading a lot about two-factor authentication, and I read the AgileBits explanation about why it is not included. I understand the premise that since we are using a local file, it isn't necessary.

However, in the event we sync our dropbox file to Dropbox or some other web service, how is that any less secure than something like Dashlane or LastPass? I haven't been able to find anything about it. If a would-be bad guy got the file from Dropbox, wouldn't they just be able to run some pw cracking scripts against the local 1PW vault on their own time until it is cracked?

Looking for a little education on why 1PW w/ Dropbox is still a better security model than the web-based folks.

Appreciated.

Comments

  • goterps95
    Community Member

    CLARIFICATION: Looking for a little education on why 1PW w/ Dropbox is still a better security model than the web-based folks that use two-factor authentication.

  • danco
    Volunteer Moderator

    Quick answer is that with a good master password, even cracking scripts would take too long to crack. That's Agile's aim in designing things.

    "Too long" will change over time. I understand that if one is using Diceware, five words is no longer thought good enough, but six words is.

  • Hi @goterps95,

    That's a great question, and it's awesome that you're thinking about it. It essentially boils down to: who has any access to decrypt your data. In the case of 1Password, the data is encrypted and no one can decrypt it without knowing your Master Password. This decryption always happens locally on your desktop (or phone). You're not having to trust any servers to decrypt it and get that information back to you. The key is to trust the machine that's doing the work, and the software that's running on that machine.

    I can't speak about how the others work, from a technical perspective. I'm only intimately familiar with how 1Password works. But if you have any questions about how anything specifically works in 1Password, we're happy to provide that info. We try our best to be as open as possible.

    Rick

This discussion has been closed.