Access to 1Password data without installing software
Hello
I would suggest developers to come up with ways of accessing the account directly by logging in online and also the option to install just the extension, without any additional software.
I am working in a corporate environment and they DO NOT allow end-users to install ANY software, and therefore I can't use the Windows app.
Thank you,
Alex
PS: At home I am using the app for Mac.
Comments
-
@smile4luv, you can get read-only access to your 1Password data on your private dropbox.com web site, as described in this article; otherwise, you do need to have 1Password installed on the computer on which you want to use it.
Note that there are no "accounts"; there is only your 1Password data, located on your local file storage and (optionally) on your private dropbox.com web site.
0 -
I would suggest such access is a great security issue. There are many "services" working as password wallets (e.g. LastPass etc.). But you never know who has access to your password. I believe those services use strong encryption, but every time you log in, the password goes unencrypted via a secure channel to their system, where it can be read by someone (admin, hacker, whoever else). I welcome such access is not available by 1Password and the data do not have to be uploaded to any system. It was one of strong reasons why I have selected this product.
0 -
But you never know who has access to your password. I believe those services use strong encryption, but every time you log in, the password goes unencrypted via a secure channel to their system, where it can be read by someone (admin, hacker, whoever else).
I don't think that that's how it works. Encrypted data blocks are sent back to you from the server and the decryption is performed locally. That's the only way the offline access mode could work.
Of course, that means that you're running the decryption in JS which is a risk in and of itself. I believe that it's the reason for the move from 1Password moving from the odd style browser plugins to the new v4 ones where all of the decryption work is done in a locally installed binary. JS never gets close to seeing your master password or encryption keys. I think it's also the reason that 1Password does not support Bookmarklets.
0 -
@oksoftware, I know of only one scenario in which using 1PasswordAnywhere could pose a risk, and it's described in that Using 1PasswordAnywhere I linked to, above:
- If someone gains access to your Dropbox account, he could replace your 1Password.html file with a “clone” that sends your master password to him. With the master password, he could then unlock your 1Password data on your private dropbox.com web site, just like you.
If you believe your Dropbox account has been compromised, do not use 1PasswordAnywhere. Using 1Password on your computer, change your master password for each vault, and then change your Dropbox account’s password as well.
Of course, if someone has installed a key logger on your PC, that would represent a security risk, as well. :/
0 - If someone gains access to your Dropbox account, he could replace your 1Password.html file with a “clone” that sends your master password to him. With the master password, he could then unlock your 1Password data on your private dropbox.com web site, just like you.
