What is the Safest Most Secure Option with Vaults?

Hightime
Community Member

Hello folks,

Could someone please kindly explain to me what the most secure option for the vault is, having it on Dropbox as I currently do or setting up a 1Password account, or is there anything else that I'm missing?

Thank you.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: mac OS High Sierra
Sync Type: Not Provided

Comments

  • Lars
    1Password Alumni

    Thanks for the question, @Hightime! 1Password was designed to work so that no matter what option you choose - standalone vaults with no sync, user-managed sync with Dropbox or iCloud, or a 1password.com account, your data is very secure.

    In every case, your data is protected by the encryption algorithms used - AES-GCM-256, strengthened by PBKDF2. If those sound like buzzwords to you, you can read more about them in our About the 1Password security model page of our support site. The bottom line is that a weak Master Password will be far and away the weakest link in any adversary being able to access your data, so from the very beginning, we've given users advice on choosing a good Master Password. Heck, we even put it to music a while back (no, really! ;) ). The single most important thing you as a 1Password user can do to up your security is to use a long, strong Master Password, because that will be how any adversary who gets hold of your data would try to decrypt it: by attacking (trying to guess or brute-force) your Master Password.

    In the past, the only way an attacker could gain possession of your 1Password data, however, was by targeting you specifically or obtaining one of your actual devices. When we debuted 1Password accounts, we realized that acting as data host for users would make our own servers a very attractive target for hackers. If they could bypass the considerable defenses we employ on our servers to keep your data away from assorted internet bad guys, they could (theoretically) obtain many users' data, all at once, instead of having to target individual users separately. Then, they could work at their leisure to decrypt the data obtained.

    While a good strong Master Password should still be defense enough in such a case, we created the Secret Key to add yet another layer of security to 1Password accounts specifically, because they presented a new threat model. As a result, we consider 1password.com accounts at least as secure as standalone vaults -- but they both exist 1) because users deserve a choice and 2) because both models are VERY secure -- 1Password has never yet had a breach of users' encrypted data. So please feel comfortable in whichever choice you make, and feel free to send any questions our way. Thanks again, and have a great week!
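
The Secret Key point in the reply above, as an added example that is not part of the original thread and is not 1Password's own code: it contrasts a key derived from the Master Password alone with one that also mixes in a random secret held only on the user's devices. The iteration count, the HMAC/XOR mixing step, the `key_check` stand-in for a successful AES-GCM decryption, and the sample passwords are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor, for this example only


def password_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the Master Password with PBKDF2-HMAC-SHA256 into a 256-bit key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               ITERATIONS, dklen=32)


def two_secret_key(master_password: str, salt: bytes, secret_key: bytes) -> bytes:
    """Mix in a random device-held secret (hypothetical construction)."""
    mask = hmac.new(secret_key, b"example-mix" + salt, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(password_key(master_password, salt), mask))


def key_check(key: bytes) -> bytes:
    """Stand-in for 'decryption succeeded': a tag only the right key produces."""
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()


def guess_recovers_vault(guesses, salt, stored_check, derive) -> bool:
    """True if any guess, run through the derivation available to whoever
    holds a copy of the stored data, reproduces the vault's check value."""
    return any(hmac.compare_digest(key_check(derive(g, salt)), stored_check)
               for g in guesses)


def demo() -> dict:
    salt = secrets.token_bytes(16)
    secret_key = secrets.token_bytes(16)      # 128-bit, stays on the device
    weak = "sunshine1"                        # constructed weak Master Password
    guesses = ["password", "letmein", weak]   # constructed guess list

    standalone = key_check(password_key(weak, salt))
    account = key_check(two_secret_key(weak, salt, secret_key))
    with_sk = lambda g, s: two_secret_key(g, s, secret_key)
    return {
        "password_only": guess_recovers_vault(guesses, salt, standalone, password_key),
        "account_without_secret_key": guess_recovers_vault(guesses, salt, account, password_key),
        "account_with_secret_key": guess_recovers_vault(guesses, salt, account, with_sk),
    }


if __name__ == "__main__":
    print(demo())
```

With the password-only key, a weak Master Password falls to the guess list; with the mixed key, the same correct guess fails unless the device-held secret is also present.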

  • Hightime
    Community Member

    Hello Lars!

    Many thanks for the speedy and detailed explanation. I hear what you're saying and have another question: which would make syncing across multiple devices the easiest? At the moment, if I want to set up 1Password on a new device, I need to set up Dropbox first. I'm assuming having a 1Password account would eliminate that step?

  • Lars
    1Password Alumni

    @Hightime -- I can't believe I left that out of my previous response, but yes, syncing via 1password.com is not only easier to set up, it's vastly more robust. Don't get me wrong; I am most definitively not knocking Dropbox or iCloud. But those two are similar to one another in that they're essentially universal sync solutions. That is, they're designed to be able to effectively sync many different types of data. That's a great thing, if it's what you need -- and virtually everyone uses some form of cloud storage for some types of data.

    But being a jack-of-all-syncing-trades like that, combined with us (AgileBits) having only limited access to their syncing engines via the APIs they allow us to use, means they're NOT as good at specializing in syncing 1Password data in particular. In creating the 1password.com servers, we were free to not have to worry about syncing your Word documents or your old .avi videos of your kid's birth from 1995 that you converted from VHS, or...well, you get the idea. 1password.com syncs ONLY your 1Password data, and we control both ends of that sync, resulting in a very stable experience.

    To sign into your account and "sync" it on any new device, you need only to have your Master Password, your Secret Key, and of course your sign-in address and email address. You can even use the Setup Code to make signing-in even easier. Within seconds, all your data are simply there. No fussing with 3rd party services, no setting up external sharing permissions. Just 1Password, ready to go. :)

  • Hightime
    Community Member
    edited October 2017

    Ok, that sounds about like what I need. Many thanks again for your clear answers. I already have a 1Password license which I use with Dropbox; how do I upgrade that and transfer all data to a 1Password account?

    Thanks.

  • Lars
    1Password Alumni

    @Hightime - Ah, that's relatively easy -- just head over to the main 1Password sign-up page (or use the 1Password Families sign-up page if you want to get the family using 1Password as well!), create your account (which comes with a 30-day free trial), and you'll be off and running.

    From there, you'll just need to move your existing data from your current, local-with-Dropbox setup, into your 1password.com account. It's pretty easy, and once you're done, you'll wonder why you didn't do it sooner (at least, that's what I wondered when I switched over :) ).

  • Hightime
    Community Member

    Ok fantastic, I was on that page but just wanted to confirm in case I might have missed something, many thanks for all your help.

  • Lars
    1Password Alumni

    @Hightime - nope! If you've already found your way there, you should be all set in no time. Cheers!

  • Hightime
    Community Member
    edited October 2017

    Yup, set up in less than a minute. Very smooth process. Much appreciated.

    Oops, another question, what about the 1Password app on my mobile, will that automatically remove the Dropbox vault and sync with the 1Password account?

  • Oops, another question, what about the 1Password app on my mobile, will that automatically remove the Dropbox vault and sync with the 1Password account?

    Nope, you'll need to set that up. Once you've got all of your data into your 1Password account, if there is no data that exists exclusively on the phone, you can simply uninstall & reinstall 1Password on the phone. When you do so, sign in to your 1Password account.

    :)

    Ben

  • Hightime
    Community Member

    Thanks Ben, yes I just uninstalled and reinstalled and everything's working fine.

  • Lars
    1Password Alumni

    @Hightime - glad you're up and running and transitioned smoothly! :)

This discussion has been closed.