Should I remove 1Password from a computer that no longer supports updates?
I have the latest versions of 1Password on my iPhone, iPad, and MacBook Air, but I also have an older MacBook running Lion that cannot be upgraded, and I can't update to the latest 1Password on that computer. Is it safe to continue using the older version of 1Password on the old MacBook, or would I be better off to remove it and just use the newest version on my other devices?
1Password Version: 3.8.22 and 5.3.2
Extension Version: 3.9.20 and 4.3.1
OS Version: OS X 10.7.5 and 10.10.3
Sync Type: Dropbox
Comments
-
Hi @kohls,
In terms of being able to synchronise all of the various versions, all still support the .agilekeychain format and Dropbox. Dropbox did drop support for 10.4 and 10.5 recently but 10.6 and onwards can all still run the client. We have a number of people that still run 1Password 3 either because it's the newest version the OS supports on that machine or they simply don't want to upgrade even if they're running Yosemite.
Now a tougher question is how safe is a Lion machine if let loose on the internet as you're correct, there have been a few high profile weaknesses of late and these have been patched in only the latest versions of OS X. It's a tough call. I myself ran Snow Leopard until Mavericks came out but on the other hand even just visiting safe sites guarantees nothing in this day and age as all it takes is a weakness that could be taken advantage of by others to put cautious browsers at risk. I personally think I had an easier decision to make as I don't remember any major flaws in Snow Leopard being unpatched while I was using it (my memory can be rubbish at times though). I don't think I have an answer for you. It might depend on how exposed this old MacBook would be and what you intend to keep it for. I would probably be hesitant keeping anything below Mavericks going at the moment but that's very much a personal point of view and others may easily disagree with me. If you're just using it for one or two specific sites where the possibility of a site being hijacked is very low (think banks etc.) then you should be safe enough.
I'm not sure if any of that helped or not. Please do post back though and others will surely add their point of view.
0 -
Thank you for your response. Are you saying that it might not be safe to use the internet with Lion at all, or just on sites that would require me to enter personal information and passwords?
0 -
@kohls asked:
Are you saying that it might not be safe to use the internet with Lion at all...?
I do think that's what @littlebobbytables is cautioning you about.
0 -
That seems a bit extreme, but I think I will at least take the 1Password 3 off. the old computer. Can I do that without losing the data from my other devices?
0 -
I'm not sure you need to remove 1Password. I'd really suggest you await clarification. I was just responding to what I think @littlebobbytables was cautioning you about. Taking 1Password off that computer, but continuing to use it on the Internet, doesn't sound right to me.
0 -
Hi @kohls,
It might be that my personal preference is seen as a little extreme. We've had a couple of high profile security scares recently, Shellshock (CVE-2014-6271) and FREAK attack (CVE-2015-0204) really stood out for me as they applied to so many systems out there. Now my memory hasn't served me well as I was under the impression that Apple had patched neither in Lion while it seems that they did patch Shellshock but not FREAK attack.
If your older MacBook is early 2008 or older then sadly Lion is the last compatible OS, a bit of a kicker given the late 2008 MacBook is compatible with Yosemite and I believe will also run El Capitan. Ironically you could be safer running Windows on an early 2008 MacBook Pro - it will run Windows 7 which has extended support through to 2020.
Once upon a time simply not loading dodgy files off of a floppy disk was enough to stay safe, then it was simply don't visit dubious websites. Nowadays reputable websites with a flaw allow miscreants to attack users. A fully patched system is a must these days hence why I personally would have concerns about running on obsolete OS any more.
Now to your questions. Yes, you can safely remove 1Password 3 from a Mac without it affecting any other device. We have uninstallation steps for 1Password 3 here and all you would have to remember is that your .agilekeychain is in your Dropbox account to allow all of your other devices to synchronise. Would doing so help your security though?
Can I ask, what do you see as the role of this older MacBook, what purpose does it serve that isn't met with your newer MacBook Air? I'd love to gain a better awareness.
0 -
I have a serious aversion to tossing out a perfectly good machine. How about if I disconnect it from the Internet, turn on File Vault, and just use it to back up files?
0 -
Hi @khols,
Personally I would recommend using FileVault regardless but that's more a safety measure should a machine ever be stolen. A Mac without FileVault can have the entire contents of the drive accessed extremely easily unless you have drive encryption. The goal is to make any of your files inaccessible and leave you with some reassurance that anything on the drive is locked away from the less than savoury person responsible. It's also why I would always recommend a PIN or passphrase on an iOS device alongside Find My iPhone. If somebody is going to nick it you may as well try your best to make sure they don't profiteer from it.
Now an air-gapped machine (one not connected to a network) is secure for all the obvious reasons. Heck that's what Bruce Schneier and Edward Snowden do so you know you're in good company there (although they do so for slightly different reasons). Anyway, even if a machine has known security flaws, the ability to compromise such a machine is significantly harder if it isn't networked so I can't fault that approach. You have to go to some serious effort to take over such a machine and that means a targeted attack - something you're not concerned about.
I do understand not wanting to throw away a perfectly good machine, that's pretty reasonable behaviour. I'm just wondering if you have a purpose in mind. Do you have a need that this machine will fit or is it more that it isn't fit for scrap so you need to find a role for it?
0 -
Not fit for scrap!
0 -
My Macintosh Performa is still in my basement. I used it for years without ever being connected to the Internet. I love my Macs!
0 -
:lol: :+1:
0