1Password Vault is a Chatterbox for at least canonic names of Websites and sometimes even usernames
If you go to the Vault stored in Dropbox and open it with "show package content", you will have access to a bunch of files, each representing one entry in 1Password.
Whilst passwords are stored in "garbled" form, at least the website this entry is for is readable in the clear, and sometimes the user credential used is also readable: "..."192.168.2.107:80 (admin)"}, which allows no-goods at least to profile your behavior.
Why isn't an encryption envelope simply put over the content of the vault's single files, so that it is not as easy for evil eyes to get this information, which could be hidden with ease?
Especially if cloud synced over "trustworthy" Dropbox?
Comments
Hi @macdiverone,
You're absolutely right, and it's great that you're looking into this stuff.
What you're using is our AgileKeychain, and we've been open about the fact that not everything in it is encrypted. You can read about the AgileKeychain format design here.
Luckily, the world has changed a lot since 2008. AgileKeychain is considered old-style sync around these parts. It's still the default, but eventually that'll change. We've supported an alternative to AgileKeychain since 1Password 4 called CloudKeychain, or OPVault. You can read about the CloudKeychain design here, where you should see that essentially everything is encrypted now.
To enable OPVault support, you need to enable a hidden preference to change the default sync format to OPVault. To do this for the Mac App Store version of the app, you'll need to run this in the Terminal then restart both the main app and the mini:
defaults write 2BUA8C4S2C.com.agilebits.onepassword-osx-helper useOPVaultFormatByDefault true
For the AgileBits store version:
defaults write 2BUA8C4S2C.com.agilebits.onepassword4-helper useOPVaultFormatByDefault true
Then you'll want to disconnect the Mac from sync, erase the AgileKeychain from Dropbox, then set up sync again. You should have an OPVault file in Dropbox now, instead of an AgileKeychain.
This really only affects Dropbox and Folder Sync. iCloud/CloudKit sync and Wi-Fi sync already use an OPVault equivalent by default for all data.
If you're switching to OPVault from AgileKeychain, I'm going to recommend that you set it up from a Mac, and that on all other devices you follow the Starting Over instructions to completely clear all data. Then restart and connect to the OPVault. By doing that you'll bypass a bug I'm working on fixing, and will have a better experience in general.
I hope this helps. Let me know if you have any other questions.
Rick
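A check to run after the switch described in the reply above, added here as an example and not code from AgileBits or from either poster: it walks a sync folder, flags any AgileKeychain bundle still present, and lists the item fields that remain readable without the master password. It assumes item files are JSON named `*.1password` with the ciphertext under an `encrypted` key; the sample bundle it builds is constructed.

```python
import json
import tempfile
from pathlib import Path

# Assumption: item files are JSON named *.1password and the ciphertext sits
# under the "encrypted" key; every other string field is stored in the clear.
ENCRYPTED_KEY = "encrypted"


def plaintext_fields(item_path):
    """Return the readable (non-encrypted) string fields of one item file."""
    item = json.loads(Path(item_path).read_text(encoding="utf-8"))
    if not isinstance(item, dict):
        return {}
    return {k: v for k, v in item.items()
            if k != ENCRYPTED_KEY and isinstance(v, str) and v}


def audit_sync_folder(root):
    """Map each *.agilekeychain bundle under root to its exposed item metadata."""
    report = {}
    for bundle in sorted(Path(root).rglob("*.agilekeychain")):
        exposed = []
        for item_file in sorted(bundle.rglob("*.1password")):
            try:
                exposed.append(plaintext_fields(item_file))
            except (OSError, ValueError):
                continue  # unreadable or not JSON: nothing to report
        report[bundle.name] = exposed
    return report


def build_sample(root):
    """Constructed sample folder; names and values are made up for the demo."""
    d = Path(root) / "1Password.agilekeychain" / "data" / "default"
    d.mkdir(parents=True)
    (d / "0001.1password").write_text(json.dumps({
        "uuid": "0001", "title": "Router", "location": "http://router.example/",
        "encrypted": "Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI="}))
    (Path(root) / "1Password.opvault").mkdir()  # not flagged by the audit


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for bundle, items in audit_sync_folder(tmp).items():
            print(bundle, "still present; exposed fields:", items)
```

An empty result from `audit_sync_folder` on the real Dropbox folder means no AgileKeychain bundle is left behind after the re-sync.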