What if I encrypt my vault in Dropbox local folder with Windows encryption system?
I use just one vault which is saved in my dropbox folder. May I encrypt this vault using Windows 10 encryption feature as a 2nd level of security? That way, if I have my computer or vault stolen, a burgler won't do nothing with such file, since he/she will need the Windows Certicate to access the file.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:windows encryption
Comments
-
@eafernandes: The great thing about full disk encryption in modern operating systems is that it's completely transparent to users — and to apps. Using BitLocker to secure the whole drive means that it will appear as random noise without your credentials to someone who snags your PC. And even better, you won't have to manage unlocking individual files; the whole disk will become available when you login to your Windows user account. 1Password won't know the difference and neither will you.
Now, it's also important to note that even on devices which don't have the benefit of full disk encryption, your 1Password data is end-to-end encrypted, so 1Password simply doesn't depend on an additional encryption layer to protect your data. 1Password is secure by design, not by chance. I hope this helps. be sure to let us know if you have any other questions! :)
0 -
Hi Brenty,
As ever, Agile Bits has the right answers for my doubts, using a clear crystal approach. This is the main cause that I do not change 1password for no other pw manager app. However, there is a point that I need to clarify better before go for using Bitlocker to encrypt my whole HD or my single opvault data file.Since the opvault file 'syncs' to other computers and to my iphone (via dropbox), what should happen when I try to open the encrypted bitlock file without the Windows certificate on this devices? How to use the Win Certificate in iPhone? Excuse-me, I am not an expert over these matter.
0 -
Hi @eafernandes,
Just to be clear, when you're using BitLocker, you're only encrypting the drive itself. It has no impact on the files itself nor other devices, that's what Brenty meant by the transparency to users. Your data isn't being converted, the drive itself is.
Think of it as a safe (drive), your papers (files) go into this safe and when you lock it with a strong password, the safe appears as encrypted to everyone. However, the files inside the safe are not encrypted but no one knows that because they need to know the password to open the safe first. When you unlock and the files are sync'ed, they'll show up as the same form on other devices, no encryption involved. 1Password vault itself is already encrypted, so you're putting a much smaller safe inside another safe. When you put this safe on Dropbox, it's already locked. BitBlocker is not converting your files into individual safes of their own, it's only converting the drive into a safe while moving your files inside the safe.
The biggest benefit to the whole disk encryption is preventing someone from accessing your data when they steal your computer because all they see is that one big block of encrypted content (safe).
What Dropbox has is the same as what you have on the drive, no BitLocker is involved here. Same for your iOS devices, it gets the same content from Dropbox, that's the same on your local drive.
If you decide to use EFS (Encrypting File System), Microsoft's other solution to encrypt files directly, 1Password will not be able to view it until you decrypt it first since 1Password doesn't use EFS. Actually, we do use it in a specific case for when viewing attachments within 1Password but that's a different topic.
0 -
Hi Mike,
Let's see if I understood. Microsoft has two diferent technologies to encrypt data in my computer. One is Bitlocker, which locks the entire drive, and the other is EFS, which locks a regular file or files in your drive (I suppose that is the one you can acess using the right click over a file and chosing Properties-Advanced button).
As I can see, the second one is not recomended because the file itself will be encrypted (in our case, the opvault file), and 1password app does not suport this method. The first solution (bitlocker) is the indicated, since the whole drive will get the protection, not a regular file, and this is transparent to 1password.
Suppose the case that I use Bitlocker to protect my drive and a hacker invade my computer and get my opvault (but not my password) to his machine to use 'brute force' programs to unlock the file. In this situation, the opvault file will not have the bitlocker protection, but only the protection of my 1password's Master Password, right?
0 -
Hi @eafernandes,
BitLocker is of no use against remote breaches, it is also transparent to hackers. In this case, your only protection is to disconnect the network and clean up.
If a hacker has total control of your system, not just local rights but the whole admin right as well, there's absolutely nothing that can protect you against this, not even 1Password nor any other security programs.
If the hacker only has local rights and hasn't breach the admin rights, then he still do some limited damages but Bitblocker doesn't help here. The hacker may not be able to run tools to try to capture your keystrokes for 1Password's master password, which is also why the 1Password's secure desktop is useful to use as well if you suspect your system has some malware.
the other is EFS, which locks a regular file or files in your drive (I suppose that is the one you can acess using the right click over a file and chosing Properties-Advanced button).
That is correct.
As I can see, the second one is not recomended because the file itself will be encrypted (in our case, the opvault file), and 1Password app does not suport this method.
It's not that we don't recommend it, it's just that we can't decrypt your files for you since that's the purpose of the encryption, to prevent others from reading it and this isn't limited to 1Password. In this case, you can use it if you want but just remember that 1Password cannot access it if you don't decrypt it first. In addition, 1Password won't be able to back up your data while it can't access your data.
In this situation, the opvault file will not have the bitlocker protection, but only the protection of my 1password's Master Password, right?
That is correct, he'll need to brute force to figure out the right combination to your password. However, if your system is totally compromised and the hacker has control over everything, he can figure out the password based on your keystrokes and so on.
0 -
Ok. Thank you by your support.
0 -
You're welcome and if you have any further questions, we'd be happy to answer them for you.
0