Is 1pass for me? - iphone(s), ipad, macbook, PCs

Trying to figure out if 1pass will work for my situation.

It would be for two member family. Currently, have two iphones, one MAC (home), two pcs (home), three pcs (work)

  1. Can two people have different passwords stored for same account on 1pass? For example, gmail or vangaurd - if there is one account for her and another for him, how how does 1pass know which one to enter.

  2. Assuming all the home devices are on the same network and sync well, can I then take my iphone to work and sync it with the three work PCs via wifi? I would like to avoid dropbox or cloud because of the security risk.

Thanks.

Comments

  • Think
    Think
    Community Member

    Also, assuming the above two user scenario, can there be two master passwords created for each user?

  • Think
    Think
    Community Member

    bump

  • danco
    danco
    Volunteer Moderator

    Normally, each person has their own account on the computer(s). And then each person will set up their own 1PW data file (called a "vault"). There's no immediate interaction, no connection between one person's vault and the others, different passwords. A secondary vault can be set up for logins that they want to share.

    In your situation, the Mac and Windows bundle from Agile's store is the best. The license works for both of you, so there is a small amount of work to get the license into all accounts. The version for iOS is free, with a charge for an in-app purchase for extra features. You would have to pay the extra charge for each of you unless the same Apple ID is used on both iPhones.

    Some other password managers store the passwords on their own servers, and for them the question about two accounts is relevant. But for 1PW, each person's accounts dat is in their own user account on the computer.

    By the way, I have two gmail accounts (for just one person), If I try to use 1PW to fill in the data, it shows me both accounts and I have to choose which one to us.

    I think (but am not sure) that Dropbox sync would be needed in the situation you describe. Trying to sync the iPhone with different computers is most likely to lead to an awful mess if you attempt to use wi-fi.

    Agile people
    will be around to answer your question, but to "bump" your query the same day rarely helps, and at a weekend is expecting way too much.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @Think,

    danco is correct about a number of aspects. The one I'd like to quickly address is bumping a post. Unlike a normal forum where you want to keep a thread at the top, we work from oldest to newest to serve this who have been waiting the longest. If you bump a post to the top it actually means it will be longer before we release you've been looking for assistance.

    A single Mac & Windows bundle licence from our store would cover all of your Macs and PCs and then you'd need between 0-2 in-app purchased for the 2 iOS devices depending on a) if you want the Pro features and b) if you have individual Apple IDs or not. The basic features of 1Password for iOS have no time limit - it isn't a trial.

    I can't recommend Wi-Fi Sync to try and keep the two sites in sync. Even Folder Sync is going to be tricky given the 5 Windows machines. It's a shame you won't consider Dropbox as it is exactly the sort of functionality you need in this situation.

    Given the number of Windows machines I'm going to move this to our Windows section where people more experienced with this platform can advise. If you were thinking of using an existing NAS or file server it would be worth mentioning this.

    On the Mac we have Folder Sync and the purpose is to merge the changes in an .agilekeychain to the locally stored vault but the Windows machines directly work on the .agilekeychain so you really need them all altering the same one. Again, on the Mac we wouldn't recommend storing the .agilekeychain on a NAS or fileserver but this might be different given all the Windows machines.

  • RichardPayne
    RichardPayne
    Community Member

    I would like to avoid dropbox or cloud because of the security risk.

    The security risk to tiny. Even assuming someone broken into your Dropbox account and stole your vault, they would still need to crack the encryption to get at your actual data. Provided you use a decent master password there is little risk of this, unless your have a national intelligence agency directly targeting you, in which case Dropbox security is the least of your concerns.

    https://blog.agilebits.com/2014/01/12/dropbox-breach-hoax-1password-security-master-password/
    https://blog.agilebits.com/2011/06/21/toward-better-master-passwords/

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2015

    @RichardPayne: Some great links there.

    AES isn't something that has been 'cracked', even. And that's not for lack of trying. Of course, someone malicious could use a brute force attack and, if they're lucky, a weak, common password has been used in the first place. But between PBKDF2 and strong Master Passwords, current technology would take an unlivable amount of time to brute force your 1Password data.

  • Think
    Think
    Community Member

    thanks for all the replies. so, if I understand correctly, dropbox is super safe? what is more secure: dropbox or icloud?

    just to reiterate our situtation:

    One person has iphone, ipad and MAC all at home.

    second person has iphone at home, PCs at home, PCs at work.

    For the above setup, what is needed as an optimal setup? Mac and PC bundle plus the fee iOS app?

    The device for first and second person do not need to communicate as no sharing is really needed.

    Also, at work devices, other people have access. What is the likelihood that someone downloads something malicious on a compute and then I login to 1password - can my passes be compromised?

    thanks.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2015

    @Think: Both iCloud and Dropbox use encryption, so ultimately their weak link will be your account. You must use a strong password that isn't easy to 'guess' (either for a malicious person, or a machine) to secure it; and be sure to never give away or otherwise expose your password. And both companies have taken measures to prevent 'social engineering' attacks to circumvent their security.

    But in the case of 1Password even in the event that your cloud storage is compromised (your account, or even your home computer), the thief would only have access to an encrypted blob of data: it would only be useful to them if they had your Master Password to decrypt it. You can find more information on cloud security in our knowledgebase. I hope this helps! :)

  • Think
    Think
    Community Member

    thanks for the input brenty. can the master password be changed once set?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Think: You're very welcome! Indeed, you can change your Master Password at any time by going to 1Password File > Preferences > Security > Change Master Password. This will change the encryption keys for your data so that the new Master Password will be required to decrypt it going forward -- so be sure not to forget it. :)

  • RichardPayne
    RichardPayne
    Community Member

    This will change the encryption keys for your data so that the new Master Password will be required to decrypt it going forward

    This is incorrect. The key used to encrypt your data is generated when the vault is created an never changes. This key is itself encrypted using a key derived from the master password. When change the master password the only that changes is the encryption of the master key.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2015

    @RichardPayne: What I said, which you quoted, is absolutely true. I just didn't mention both keys in the 'chain', as I did not want to add unnecessary complexity or length to the answer.

    your Master Password is processed to decrypt your key.

    Yes, there is more to it than that. But not everyone who wants to change their Master Password is interested in reading a design document. :)

  • RichardPayne
    RichardPayne
    Community Member

    @brenty maybe I've just be reading too many of your technical articles. The term "encryption key" is invariably used to refer to the static key.
    Sorry for taking you too literally.

  • Hi @RichardPayne,

    No worries, thank you for keeping us on our feet anyway.

This discussion has been closed.