Feature Request: (Extra) Encrypted fields, folders, or notes
Hi,
As part of a thought experiment in reviewing my own OpSec, I became a bit more aware of how crucial a role 1P plays. Whilst I know my Master Password is excellent, I'm also aware of the advancing capabilities of determined attackers.
It may well be superfluous, but I found myself appreciating the idea of having an extra layer of encryption around some data, either a field, a whole entry, maybe even a folder/category.
To access the data in 1P, I'd have to enter another passphrase, and that would only make the data visible and accessible for X seconds, before re-encrypting it.
I realise that an attacker with access to my devices would just find a way to grab the keyboard input, but I'm mostly thinking about extra protection for the data at rest, or being hosted by a sync service such as iCloud or Dropbox.
Call it a "peace of mind" layer of protection...
Just an idea!
Scott
Comments
@doetraar: I hope you don't mind, but we've moved this to the Lounge category of the forums, since it's not platform-specific.
> Call it a "peace of mind" layer of protection...
Yes! That's exactly the function 1Password serves for your data stored in the cloud. :chuffed:
> It may well be superfluous, but I found myself appreciating the idea of having an extra layer of encryption around some data, either a field, a whole entry, maybe even a folder/category.
I agree. While we may consider something like this in the future, it is indeed superfluous — unless there's a specific use case where it makes sense, not from a security standpoint, but perhaps for organizational purposes. In the end, we'll simply increase the security of 1Password as a whole, rather than saying 'this stuff gets stronger encryption, but this stuff...mmm, not so much'. And of course anything that is encrypted (whether once, twice, or a dozen times) still needs to be decrypted at some point in order for it to be useful to you, so you will always be the preferred attack vector for anyone who wants to access your data.
Over time we will probably increase the PBKDF2 iterations further as a defense against brute force attacks to stay ahead of technological advances, and perhaps eventually move to another cypher if AES is at risk of becoming obsoleted for some reason someday. But we're not there yet.
Ultimately the best thing you can do to strengthen the security of your 1Password data is to use a long, strong, unique Master Password. Much like using millions of PBKDF2 iterations gives only marginal benefits over tens of thousands (at great cost to efficiency), adding additional encryption to data where it is already infeasible to brute force on a human timescale is superfluous, and only moves it a bit further out in the realm of possibility. :eh:
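Added example, not part of the original thread and not 1Password's code: it puts numbers on the reply's comparison between raising PBKDF2 iterations and lengthening the Master Password. It assumes PBKDF2-HMAC-SHA256, a 7776-word diceware-style list, and a constructed salt and passphrase.

```python
import hashlib
import math
import time

WORDLIST_SIZE = 7776  # assumption: diceware-style list, one random word = log2(7776) bits


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a Master Password into a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def attack_cost_bits(password_bits: float, iterations: int) -> float:
    """log2 of the expected HMAC evaluations to find the password:
    half the password space, times `iterations` per guess."""
    return (password_bits - 1) + math.log2(iterations)


def iteration_gain_bits(old: int, new: int) -> float:
    """Bits of attacker work gained by raising the iteration count."""
    return math.log2(new / old)


def word_gain_bits(extra_words: int) -> float:
    """Bits of attacker work gained by adding random words to the passphrase."""
    return extra_words * math.log2(WORDLIST_SIZE)


def unlock_seconds(iterations: int) -> float:
    """Time one key derivation, i.e. what the legitimate user pays per unlock."""
    start = time.perf_counter()
    derive_key("constructed sample passphrase", b"constructed-salt", iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    base_bits = word_gain_bits(4)  # constructed case: four random words
    for iters in (10_000, 100_000, 1_000_000):
        print(f"{iters:>9} iterations: unlock {unlock_seconds(iters) * 1000:8.1f} ms, "
              f"attack cost 2^{attack_cost_bits(base_bits, iters):.1f}")
    print(f"10k -> 1M iterations: +{iteration_gain_bits(10_000, 1_000_000):.1f} bits, "
          "100x slower unlock")
    print(f"one more random word: +{word_gain_bits(1):.1f} bits, unlock time unchanged")
```
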