Securely delete file after import

noamnelke
Community Member

This article suggests securely deleting the imported file once it's imported into 1Password. This is great advice, but I forgot to do it (as I'm sure others do, too). Also, securely deleting such a sensitive file (all my passwords, unencrypted) is not trivial - I'm sure many just throw it in the trash.

I'd expect 1Password to, at least, remind me to do it after the import and provide some instructions on how to do it securely. Even better would be if it prompted me to do it for me.


1Password Version: 6.6.4
Extension Version: Not Provided
OS Version: macOS 10.12.4
Sync Type: Not Provided

Comments

  • Hey @noamnelke,

    Thanks for your post. We were just updating the import documentation and having a discussion about this exact topic when you wrote in, so good timing. :)

    We have to be careful when giving out advice about what to do with sensitive information like a list of passwords. We can't be cavalier, but we also don't want to overload people with warnings and instructions. Some people securely delete all their files as a matter of course — others never do, relying on the "good enough" security of emptying the Trash. This is not a decision we can make for everyone.

    Apple has actually removed the ability from the Finder to securely delete files in recent versions of macOS, so the instructions would now require Terminal commands — probably not appropriate for a tutorial about importing data! So while we may link to an external resource, I think the majority of the discussion is still outside the scope of the article.

    That said, the number one way to protect data on disk is to turn on FileVault and use a strong login password. An encrypted list of passwords is as good as deleted, and you don't have to make decisions about every file. This is advice I would offer to all 1Password users, even if they aren't leaving CSVs on their drive.

    Maybe that's what we'll put in the doc. :)

    Cheers,
    Mitch

  • noamnelke
    Community Member

    Thanks for the reply. I see what you mean, however I still believe the best solution would be to have the app prompt the user to delete the file for them after the import.

    The mechanism for doing that is already implemented when downloading files from the vault.

  • danco
    Volunteer Moderator

    I believe that the old Secure Deletion method no longer works if one is using an SSD rather than spinning drives.

    And I certainly would not want 1PW to empty the trash for me, I tend to keep files in the trash for a few days before deleting them.

  • AGAlumB
    1Password Alumni

    > I believe that the old Secure Deletion method no longer works if one is using an SSD rather than spinning drives.

    @danco: That's correct. While it's still possible to trigger this, the problem is that it isn't guaranteed. Given the way SSDs transparently swap out cells and perform wear leveling, the OS may not have access to zero out some data after it's been removed from the file table. I suspect that's why Apple removed the option; it can't reliably do the thing it says.

    > And I certainly would not want 1PW to empty the trash for me, I tend to keep files in the trash for a few days before deleting them.

    Amen. You don't even want to look at my Trash. :lol:

    > Thanks for the reply. I see what you mean, however I still believe the best solution would be to have the app prompt the user to delete the file for them after the import.

    @noamnelke: It's something we'll consider, but I really don't think this is appropriate, as it does involve risk to user data. We don't want to encourage people to destroy the original copy as they may need it later. What about when 1Password imports, but couldn't read all of the data another app produced? Encouraging the user to destroy it permanently means they couldn't even attempt another method. We don't want to be responsible for someone destroying something they need, and as Mitch mentioned, modern OSes can encrypt the whole drive anyway. Once the user is able to go through and confirm all of their data imported correctly, they can make a decision for themselves, and prompting them to do so immediately after importing is a bit reckless.

    > The mechanism for doing that is already implemented when downloading files from the vault.

    That's exactly it. When 1Password decrypts some data in your vault so you can view it and that temporary file is deleted, removing that doesn't remove the original data (inside the vault). In the case of an import, this isn't a temporary file, and is in fact an original copy of the user's data. Deleting that automatically or prompting the user to do so immediately seems irresponsible.

  • noamnelke
    Community Member
    edited April 2017

    Let's agree to disagree, then ¯\_(ツ)_/¯

  • Fair enough. :)

    Ben

This discussion has been closed.