Terminating synching
A year ago I gave a colleague a copy of my 1Password 6 Standalone for Mac plus my license key which he installed on his MacBook air. That allowed him to access all my passwords. I do not remember explicitly giving him a copy of the vault which is stored on my dropbox account, but at the time we checked to see if he could access my passwords and he could.
Now our work together is finished and I want to be sure he no longer has access to my passwords. I could just ask him to delete everything to do with 1Password, but I dont fully trust he will do that.
The day before yesterday I changed one of my item passwords within my copy of 1Password and I asked him via email if he could tell me the password for that item. I discovered that he could see the old password, not the new one I created.
However, I also found out my own iPhone on the same LAN as my Macbook air also didnt synch to that new password. I discovered that synching was never set up in my iPhone.
I am guessing that synching was also never set up in my colleague's copy either which is why he didnt see the new password. However, if he does set up synching will he then be able to see any changes I make here?
What do I have to do to isolate my colleagues copy of 1Password?
Yesterday I changed the password for Dropbox (where synching is supposed to take place) but I also changed it within 1Password, so that although he might not see it now, if he turns on synching he would be synched via Dropbox? Or not? As you see I'm confused.
How can I stop synching altogether?
If necessary I can change all 300 of my passwords within 1Password but I am hoping there is an easier way.
thanks for yur help
1Password Version: 6.8.9
Extension Version: Not Provided
OS Version: OS X 10.10.5
Sync Type: Dropbox
Comments
-
Hi there @jockm2
You've done largely what you should have done. If syncing is done via Dropbox, then changing your Dropbox password will prevent further syncing from happening as he will need the new password. So your colleague will no longer get any new updates to your 1Password data as you have cut him off from your sync method. You can also turn off Dropbox syncing within their copy of 1Password if you wish to.
However, as for your existing passwords, it is not possible to revoke his access to those. 1Password retains a local data cache. Even though, having cut off syncing, he won't receive any new updates to your data, he retains full access to the set he had. The question here is how much you trust this person. You could ask him to delete all of the 1Password data but, as you said, you don't fully trust he will do so. Even if he did, there is nothing to say he hasn't exported the data elsewhere or printed it. It all depends on your trust level. The only surefire way to ensure that your colleague does not have access to any of your accounts is to change every single one of the passwords he was given access to.
0 -
Thanks for your help. Having got into this problem I see that many of my 500 odd passwords are very weak or too short so I am going to have to change them anyway. I'll be busy for the next week of two doing that!
0 -
But just to clarify, we obviously don't condone facilitating piracy by "sharing" one individual's license with someone else. And we never recommend sharing secrets (data, passwords, etc.) with someone else unless it's intended that they have that information indefinitely. Secrets that have been shared cannot be unshared. As Corey mentioned, the only way forward in situations where you want to prevent someone from being able to access further changes to the data going forward (what they have already cannot be "revoked") are to change the Master Password and stop sharing the vault itself. Better safe than sorry!
ref: GXG-69858-999
0
