To protect your privacy: email us with billing or account questions instead of posting here.

Any security benefit to putting the vault on Dropbox/iCloud?

rprice54
rprice54
Community Member
in Memberships

Getting started with 1Password. For years I've kept an encrypted disk image on my mac at home keeping all my passwords but I've decided for a more modern approach- i.e. one that I can access on my phone, etc. All my devices are Apple, and I've been using iCloud keychain, but I'm thinking of moving to a dedicated password service separate from iCloud.

My question is about the security of the vault. If I use my 1Password account the vault is kept with 1Password. For the sake of discussion would it be easier for someone to break into 1Password and have access to my vault vs having my vault on Dropbox. I'm assuming if DB is hacked my vault file still has it's own encryption which means someone would have to crack DB first and then the file, so two layers of protection? I'm not asking which one is more secure per say, 1Password vs DB, but if there would be multiple steps for someone to gain access to my information in the event either service is compromised. And maybe I'm looking at this wrong, just asking if a multi layered approach is better.

Thanks.

1Password Version: 6.3.3
Extension Version: Not Provided
OS Version: 10.11
Sync Type: Not Provided

Comments

  • Pilar
    Pilar
    1Password Alumni

    Hi @rprice54

    Thank you for your interest in 1Password, I'd love to tell you some more about the security for 1Password accounts :chuffed:

    Whether you're using an account or syncing your data by yourself, it never leaves your device unencrypted.

    I'm assuming if DB is hacked my vault file still has it's own encryption which means someone would have to crack DB first and then the file, so two layers of protection?

    While that is true, you also have two layers of protection with the 1Password account: beside your vault being encrypted by your Master Password, it has an extra level of security too and even better, the Account Key. Your Account Key is a 128-bit string of random characters that is generated locally in your computer and that is combined with your Master Password to strengthen the encryption.

    I'm not asking which one is more secure per say, 1Password vs DB, but if there would be multiple steps for someone to gain access to my information in the event either service is compromised.

    This is true either way. For Dropbox they'd have to first break into your Dropbox and then figure out your Master Password. With an account, they'd have to first break into our servers, then figure your Master Password AND your Account Key.

    If you're curious to read more about how 1Password account handle security and encryption you can read all the details here: https://1password.com/files/1Password for Teams White Paper.pdf

    Please let us know if you have any other questions or if there's anything else that you'd like to know about 1Password :chuffed:

  • rprice54
    rprice54
    Community Member

    Thanks for the feedback. I think it all makes sense to me. So far I'm liking the trial.

  • Ben
    Ben

    Excellent! If there is anything else we can help with please feel free to drop in. :)

    Ben

This discussion has been closed.