What happened to secure sharing?

NLEdit
NLEdit
Community Member

I used to be able to share a password securely, through both iMessage and email. There used to be an option to send in the clear or encrypted. Now there's no option and the data is published both in the clear and encrypted. Defeats the whole purpose of security. While iMessage may be secure, most of the email out there isn't, especially Gmail which is all scanned, and let's not talk about Yahoo. How can I send a data file securely to someone else with 1Password the way I used to?
Thanks much...


1Password Version: all current iOS
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: cu

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @NLEdit: Sorry for the confusion! We actually removed the "Sharing" feature entirely for a while because 1) it was never secure and never claimed to be, but 2) people still thought it was for some reason. We've since reinstated it with some changes to make it crystal clear that you're sending sensitive information in plaintext. Sending it via email will always be insecure though, so sending via an encrypted channel is always a better option. Using iMessage is safe only if both parties support it, and you disable SMS fallback just in case since SMS is not secure. I hope this helps!

  • NLEdit
    NLEdit
    Community Member

    It clears it up somewhat. I still like the way it used to be with a choice of sending in the clear or sending encrypted. I'm only sharing on iMessage with other Apple users. Right now I'm deleting the unencrypted part of the message.
    I think the sharing feature is both important and good. I do a lot of support for friends and getting them to use 1Password is one of the most important things I can do for them. Once I set them up and create secure passwords for many of their accounts I can easily share what I've done back to them. It increases the convenience and thereby increases the chances that they continue to use 1Password.

  • Ben
    Ben
    edited October 2016

    It clears it up somewhat. I still like the way it used to be with a choice of sending in the clear or sending encrypted.

    It was never encrypted. It was only obfuscated. And that was where a lot of the confusion came in. Folks thought it was secure because it "looked" encrypted -- but it wasn't.

    Right now I'm deleting the unencrypted part of the message.

    The entire message is unencrypted. The message is still sent unencrypted and anyone intercepting it can read the credentials out of it. The unencrypted text is there to remind you of that.

    I think the sharing feature is both important and good. I do a lot of support for friends and getting them to use 1Password is one of the most important things I can do for them. Once I set them up and create secure passwords for many of their accounts I can easily share what I've done back to them. It increases the convenience and thereby increases the chances that they continue to use 1Password.

    And that is great! But you'd need to share with them over an encrypted channel such as iMessage in order to be secure.

    Ben

This discussion has been closed.