Elcomsoft iCloud Keychain Decrypt

Penelope Pitstop
Penelope Pitstop
Community Member
in Lounge

What significance does this have for 1Password users? Maybe I’m misinformed, but I understood 1PW keys are stored in iOS keychain?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Ben
    Ben

    @Penelope Pitstop

    Reading this article it appears an attacker must have access to the user's Apple ID credentials, and if two step authentication is enabled must also have access to a device that is authorized. It seems this just allows them to more easily view data they would have access to anyway?

    Ben

  • steven1
    steven1
    Community Member
    edited August 2017

    @Penelope Pitstop

    If you are a 1PW Account/Family/Team member, then the Secret Key is stored in the iCloud Keychain as a convenience. This is so that as soon as you login from an authorized device it is available for you and all you need to do is type in your master password.

    No other 1PW information is stored in iCloud Keychain, and particularly, your master password, which may be saved on the local device if you have touch id enabled, never leaves your device, cannot be backed up, etc.

    If you are following what Agile bits tell us to do and have a strong, random master password, take care to keep your devices under your control, etc., you should be fine.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @steven1: Great summary! Thank you. :)

  • AskAli
    AskAli
    Community Member

    Before I used 1Password I would use iCloud Keychain for everything, would you all suggest it's still safe to use for all my passwords or just stick to one service. The only added convenience is I run the iOS 11 beta and I can autofill within apps automatically. I don't store my master password or anything like that in iCloud.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited August 2017

    @AskAli: Apple has a really good track record, so while I don't believe that there's the level of information on their security architecture out there (compared to 1Password) I would not have a problem trusting them with a lot of things.

    However, iCloud is really not good when it comes to interoperability and portability. Cross-platform support is pretty much nonexistent, and it's pretty tough to get data out of there. So for me the security isn't beneficial since there are other issues that stop me from using it extensively. Ultimately that's something that's up to you though.

  • AskAli
    AskAli
    Community Member

    @brenty Agreed. I use it just because it’s there. Otherwise I prefer 1Password in every way, which is why I got it in the first place. I just wanted to know if it’s relatively safe to keep stuff on it. Glad to know. :)

    Thanks!

  • AGAlumB
    AGAlumB
    1Password Alumni

    :) :+1:

  • XIII
    XIII
    Community Member

    @brenty: did you check out this?

    https://www.apple.com/business/docs/iOS_Security_Guide.pdf

  • AGAlumB
    AGAlumB
    1Password Alumni

    @XIII: Defnitely, but some details are missing with regard to the encryption keys. This is certainly partially due to Apple's relative secrecy in the industry, which is understandable to some extent for competitive reasons. But also it may be because Apple has been slowly changing things behind the scenes to move toward having less and less, presumably to avoid future clashes with from law enforcement. I don't know much about the iOS 11 in this regard and am looking forward to the next revision. :)

This discussion has been closed.