1Password on Mastodon

Security concern

scottcavescottcave
Community Member
in iOS
How data is stored within app
I have been using 1Password Pro on my iPhone for a year now. I really like the product and enjoy the convenience of having all my passwords in one easy-to-use location. However I am also concerned about this password data geting compromised and into the wrong hands. I have already configured all the proper security settings for my iPhone and the app itself. My question is the actual data file containing all the password data that is stored within the iPhone. How is this data file secured? Is all the data within the file encrypted? To what encryption strength? Is the name and location of this file documented anywhere, such that a rogue app could find it and send it somewhere else in the background without my knowledge?

Thank you,
Scott

Comments

  • roustemroustem

    Team Member
    scottcave wrote:

    ... My question is the actual data file containing all the password data that is stored within the iPhone. How is this data file secured? Is all the data within the file encrypted? To what encryption strength? Is the name and location of this file documented anywhere, such that a rogue app could find it and send it somewhere else in the background without my knowledge?


    To add a few more technical details: 1Password for iOS is using a format similar to the one used on Mac or Windows. The only difference that instead of the individual files, the items are stored in SQLite database. The encryption key is protected with your master password using AES-128 encryption with PBKDF2 (1,000 iterations). The item data is encrypted using AES-128.
  • scottcavescottcave
    Community Member
    Great information, thank you. I appreciate the attention you have placed on securing your app. I feel better now about using it.

    Thank you,
    Scott
  • khadkhad
    1Password Alumni
    I'm glad that you found the information helpful. :-D

    If we can be of further assistance, please let us know.

    We are always here to help!
  • SilverRavageSilverRavage
    I just found this post searching, does 1Password for iPhone store the data only on the iPhone itself and doesn't send it to a website server or Cloud base anything?
  • MikeTMikeT

    Team Member
    edited September 2011
    Hi SilverRavage,

    The encrypted data is always stored locally. If you use Dropbox, a copy of the encrypted data is stored on their servers to use as a *cloud* server to sync between your iOS devices and your computers.

    If you do not use Dropbox or Wi-Fi for the sync purposes, than nothing enters or leaves the 1Password app on the iOS devices.
This discussion has been closed.