share password via email or message
How secure is sharing a password using email or messages? The docs say the password is "obfuscated". What does that mean? It doesn't seem like it would be secure at all because no encryption is involved.
1Password Version: 5.3
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: icloud
Comments
Hi @dan78766,
We chose that word carefully for this very reason: we want to make sure people understand, or at least ask, because if we said it was encrypted we'd be taken at face value on that statement. The item is actually encrypted using the same techniques we use with your vault (the code was already there, why wouldn't we?), but here's the gotcha: for both copies of 1Password to be able to work with it, they need to share a key. So while it uses encryption, the use of a shared key is why it's deemed obfuscation. Anybody with a copy of 1Password could decrypt the contents, so it would be best used for sharing an initial password, for example, where you expect the other person to change it, or via a medium that you feel confident about. For example, Airplay creates an ad-hoc connection between two devices, so using Airplay is quite safe, but that's only for when people are in physical proximity with each other. iMessage uses encryption as well; in fact it's using what seems like standard private/public key encryption, but doing so in the very Apple way of hiding all of that from the user. Email is an altogether different matter and we wouldn't recommend it except maybe as above, where you're expecting the information to be consumed immediately and so it doesn't matter.
For more permanent sharing we'd recommend a secondary vault that you share. You still have to communicate the password for the vault, but once done you have a vault that more than one person can access in a secure way. For a bit more on this, our page Share a vault will give you an idea.
Does that help at all? If you have follow-up questions or feel I didn't answer you in quite the right way, please do ask/say :smile:
Thanks, that does help and is sort of what I expected but just wanted to be clear.
I'm trying to understand how to manage my vaults. Your answer leads to another question though.
Every copy of 1password has an encryption key that is the same for all copies of 1password. Is this key only used for sending passwords via message, email, etc.?
In other words this key is not used in any way to encrypt the data in a vault or make backups, correct?
One reason I ask this is that 1password allows me to change my master password. When I change the master password what happens to the content of the vault?
Is the entire vault decoded with the old password then re-encoded with the new password? Or is there an internal key that 1password used to encode the vault contents and only that internal key is decoded and re-encrypted with the master password? Or what??
When you say that 1password has a key that is the same in all copies of 1password, it makes me worry in general, and specifically about what happens when a master password is changed and whether there is some common key across all copies of 1password that is involved in some way.
Sorry for being so detailed but I just want to understand how 1password manages the data I put into it.
Also, I understand why you chose to do sharing the way you did, to keep things simple. But the problem with doing things this way isn't so much that the message/email might be sniffed out in transmission; the problem is that once that message/email makes it to its final destination it is going to live on that machine's disk maybe forever, because in practice it is very difficult to physically erase a message or email.
Using sharing like this sounds fine for an initial password that will be changed after receipt, so it might be good to specifically mention that in the documentation. Also it would be good to have Watchtower tag any password added this way as being suspect and needing a change.
Thanks,
Dan
Hi @dan78766,
This is attempt two at replying. I had this lengthy reply but upon re-reading your post I'm now of the opinion that you know a bit in this area and detailed explanations possibly aren't needed with you.
The shared key is only ever used for sharing a single item over iMessage, Airdrop etc.; its use anywhere else would be a massive security blunder, and we haven't done that here.
We do create encryption keys (plural I believe) at the time of the vault's creation and yes, that's what we encrypt with your Master Password. Change your Master Password and we only encrypt these keys with the new Master Password. Given you asked I think you already know the advantages of this approach.
For others, our page How does 1Password keep my data safe? may be of interest.
That's an interesting idea of using Watchtower. We'd need to make some adjustments, as Watchtower only maintains a single database that is pulled from our server and you'd want a second one for the personal items. I'd probably say that it wouldn't be warranted for Airdrop or iMessage, though, unless your concern isn't a third party somehow storing it or it being stored insecurely but that the other person simply has it. Airdrop is device to device and straight to 1Password, while iMessage messages are only decrypted on the device in question; Apple doesn't handle the message in plain text. Email and SMS are different, though, and neither should be considered trusted mediums, I would agree.
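The two designs discussed in this thread side by side, as an added illustration that is not 1Password's code: item sharing under one key baked into every copy of the app (real encryption, but any installed copy can decrypt it), and a vault whose random key is wrapped under a key derived from the Master Password, so a password change rewraps only that key and leaves the item ciphertexts untouched. The shared-key value and the HMAC-based stream cipher standing in for AES are constructed placeholders.

```python
import hashlib
import hmac
import os

def kdf(master_password: str, salt: bytes) -> bytes:
    # Derive a 32-byte key from the Master Password with PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 50_000)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy PRF-in-counter-mode keystream standing in for AES-CTR; illustration only.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
              for i in range(0, length, 32))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Output is nonce || ciphertext || HMAC tag (encrypt-then-MAC).
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, "sha256").digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, "sha256").digest()):
        raise ValueError("wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))

# Item sharing: one key baked into every copy of the app (constructed placeholder).
# Any installed copy can decrypt, which is why the thread calls this "obfuscation".
APP_SHARED_KEY = hashlib.sha256(b"constructed placeholder shared key").digest()

def share_item(secret: bytes) -> bytes:
    return encrypt(APP_SHARED_KEY, secret)

def receive_shared_item(blob: bytes) -> bytes:
    return decrypt(APP_SHARED_KEY, blob)  # no per-user secret is involved

# Vault: items are encrypted under a random vault key; only that key is wrapped
# with the Master Password, so a password change rewraps the key, not the items.
class Vault:
    def __init__(self, master_password: str):
        self.items = []  # ciphertexts under the vault key
        self._wrap(master_password, os.urandom(32))  # key is never password-derived
    def _wrap(self, master_password: str, vault_key: bytes) -> None:
        self.salt = os.urandom(16)
        self.wrapped_key = encrypt(kdf(master_password, self.salt), vault_key)
    def unlock(self, master_password: str) -> bytes:
        return decrypt(kdf(master_password, self.salt), self.wrapped_key)
    def add_item(self, master_password: str, secret: bytes) -> None:
        self.items.append(encrypt(self.unlock(master_password), secret))
    def read_items(self, master_password: str) -> list:
        key = self.unlock(master_password)
        return [decrypt(key, c) for c in self.items]
    def change_master_password(self, old: str, new: str) -> None:
        self._wrap(new, self.unlock(old))  # unlock verifies old; items untouched
```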
Thanks again for your reply. That completely clears things up.
Dan
I'm glad we could answer your query @dan78766 :smile: