Syncing Options - which one is the safest? Do I increase the risk by auto syncing with iCloud?

InterestedNewbie2015
Community Member

Hi to everyone!
I am new to this topic and have recently started my first attempt with password managers, using the iCloud keychain.
After hearing that it is meant to be safer using a password manager program on your local device rather than a password manager which is part of your browser (i.e. the Blackhat Safari Autofill issue), I switched to 1Password and am currently in the process of setting 1Password up on my iMac.

I would now like 1Password to run on my other devices (MacBook Pro and iPhone) in a user-friendly, but most of all secure, way.

Therefore I am not sure how to set up my system and am stuck with the below-mentioned questions:

  1. Do iCloud and 1Password automatically sync via LTE or, even worse, in a public hotspot?
  2. Am I assuming correctly that the passwords are saved locally within 1Password?
  3. Does it make sense to keep 1Password within a Knox container for encryption purposes, or is the information within 1Password encrypted by itself?
  4. Do I unwillingly open a backdoor by using the iCloud sync, or is the autofill issue not only a Safari problem, so that 1Password would be equally vulnerable?

Please someone help me out here, so that I can continue my setup and don't have to ask such (stupid) questions anymore. :)

Thank you for your effort in advance!

Cheers
InterestedNewbie

Comments

  • littlebobbytables
    1Password Alumni

    Hi @InterestedNewbie2015,

    Questions on how secure you are can never be labelled stupid. Well, maybe with the exception of jumping up and down on something yelling "is this secure?" but only because that has the potential to be retold at a Darwinism award ceremony.

    1. 1Password will use whatever connection is present. This applies equally to Dropbox as well as iCloud, and both use SSL connections. On top of that, we only transmit the encrypted version of your vault. So even if you're using an unsecured public hotspot, it will be encrypted fields sent over an encrypted connection.
    2. We're in a period of transition here. 1Password 4/5 for Mac and iOS use iCloud and Dropbox purely for syncing and maintain their own local databases. I personally like this approach. 1Password 3 for Mac and 1Password for Windows work directly on the .agilekeychain, so if it's in Dropbox that's where it is, but it would only be placed there if you specifically did so; otherwise it would remain locally stored.
    3. Your vault is always stored in an encrypted state whether it is iCloud, Dropbox or the locally stored .sqlite database file in 1Password 4/5 for Mac and iOS. I don't see any benefit to storing 1Password in an encrypted disk image (see below for the exception) and it could actually cause issues on the Mac if you're keeping all the support files and folders in an image that 1Password assumes are in a particular location and always accessible.
    4. If the "Blackhat Safari Autofill issue" is what I believe it is referring to, then iCloud and this are separate and you're safe, as we don't autofill for this reason. Even if iCloud or Dropbox were compromised and you were worried at all, as long as your Master Password isn't trivial you would have more than enough time to panic, contact us and then change all your passwords with a few decades to spare. When we designed our storage formats it was assumed that at some point somebody would find their vault in the wrong hands, and that's where the strength of the encryption comes into play.

    So a few more remarks. If you're worried at all about your Mac I would strongly recommend FileVault - encrypt the entire disk.

    If you're worried about iCloud or Dropbox at all and you're syncing one or more iOS devices with a single Mac, then you might find you prefer our Wi-Fi Sync, which is a local sync that only works over Wi-Fi. Lastly, if you're worried about public hotspots at all, then a VPN which automatically connects if it spots an untrusted connection might be something to consider. I was told of one lately that I use myself, and while I don't make extensive use of it, what I will say is it behaves as expected. You may find others do the same, so this is just to give you an idea - Cloak. What it does that my own VPN doesn't is automatically initialise a VPN connection when on an unsecured Wi-Fi point, even on an iOS device. As I say, this is one; there are undoubtedly others out there too.

    If you have any follow up questions do please ask!

This discussion has been closed.