Use 1Password master password for local encryption and/or user password?

bewe
Community Member

Hey,

I am considering scanning quite a bunch of confidential paper
documents and putting them into an encrypted disk image
(I find 1Password file attachments not suitable for larger amounts
of files). While I'm at it, I might as well encrypt my hard drive with
FileVault. My current user password for my Mac is pretty weak and it
would be very convenient to just use my 1Password password for this
and the encrypted disk image.

Now, are there any security concerns in doing this? Right now,
I cannot see any, as the passwords will only be used locally and
in an environment that I would input the same password into 1Password
anyway. Am I missing something? Should I rather not do this?

Thanks!
Ben



Comments

  • rjh
    Community Member

    Hi @bewe, good to see someone who is security conscious!

    From personal experience, I can say that it is never a good idea to use the same password for two sensitive locations.
    If someone were able to hack into your protected Mac, they would already have the password for your 1Password installation — if it were the same password.
    If you have a separate password for 1Password, the hacker would need to use 'brute force' again.
    While the hacking situation would be unusual, unless someone were to specifically target your sensitive data, or your Mac were stolen, it's better to be safe than sorry.

    I hope this helps with your decision.

    Cheers,
    Rob

  • @bewe,

    rjh is correct, it's not advisable to re-use passwords for the reasons he mentioned. Now, hacking into your protected Mac may indeed be a very low risk, but the risk is there.

    What I recommend, and do myself, is this:
    1. Enable FileVault anyway, with the password you use for your Mac. If your password is very weak, you may want to consider changing it, but you don't have to do that now.
    2. Put your sensitive files in an encrypted disk image, and store the password to that disk image in 1Password. When mounting the disk image, do not check "Automatically remember", so that it will not store the password in your keychain, which is protected by your weaker password.

    Then if your Mac's password is ever discovered, they won't be able to get into your sensitive documents, or your 1Password vault.

    I hope that helps. If you have further questions, feel free to reply.

    Cheers,
    Kevin
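
The two steps recommended above, as a macOS shell script. This is an added example, not part of the original thread and not 1Password's own tooling; the function names, image path argument, default size and volume name are assumptions.

```bash
#!/usr/bin/env bash
# Added example: a dedicated random passphrase for an encrypted disk image,
# kept separate from both the Mac login password and the 1Password password.

# Print a random passphrase of N characters (default 32) from [A-Za-z0-9].
# A fixed 4096-byte read of /dev/urandom yields far more than N usable
# characters for any N up to a few hundred.
gen_passphrase() {
  len="${1:-32}"
  head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$len"
}

# Step 1: succeed only if FileVault is enabled on this Mac.
filevault_on() {
  fdesetup status | grep -q 'FileVault is On'
}

# Step 2: create an AES-256 encrypted image. The passphrase is piped on
# stdin (-stdinpass), so it never appears in the process argument list.
create_vault() {
  image="$1"; size="$2"; pass="$3"
  printf '%s' "$pass" | hdiutil create -size "$size" -fs APFS \
    -encryption AES-256 -stdinpass -volname "Documents" "$image"
}

# Mount from the terminal: the passphrase is read from stdin instead of the
# Finder dialog that carries the remember-in-keychain checkbox.
mount_vault() {
  image="$1"; pass="$2"
  printf '%s' "$pass" | hdiutil attach -stdinpass "$image"
}

# Runs only on macOS when an image path is given, e.g.:
#   ./make_vault.sh ~/Documents/scans.dmg 2g
if [ "$(uname)" = "Darwin" ] && [ -n "${1:-}" ]; then
  filevault_on || echo "warning: FileVault is off; enable it first" >&2
  vault_pass="$(gen_passphrase 32)"
  create_vault "$1" "${2:-2g}" "$vault_pass"
  # Put the passphrase on the clipboard to paste into a new 1Password item.
  printf '%s' "$vault_pass" | pbcopy
  unset vault_pass
  echo "Passphrase copied; save it in 1Password, then clear the clipboard."
fi
```
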

This discussion has been closed.