Windows / Microsoft and 1Password Accounts

So I am regularly a Mac user but I also have a Windows gaming machine. For a few years now I've had 1Password running on both but the Windows machine only has certain privileges including my 1Password account. I asked a question about this on the forums a while back
(see link https://discussions.agilebits.com/discussion/78740/changing-password-on-one-device#latest)

I do this because MS reserves the right to any and all files on our devices. From my point of view, they do not care about user privacy and do everything in their power to snoop on their users (for their search engine and business oriented based data collection).

My current setup:
Basically my Mac/iPhone/iPads all sync using iCloud. My 1Password account syncs only selected passwords I've copied or moved to my Windows device. As such there are two different 1Passwords (one for my Apple devices and one for my Windows machine which is unusually long and very hard for me to remember (mostly because the 1Password account is website facing)). I have had to keep a text file on my Windows desktop which I know isn't secure even if it's a private machine only I can access.

Ultimately, I'd really like to simplify the process and have one password for everything and make the password much shorter than it is. Just really want to put my security concerns about Windows and the 1Password website settled once and for all. So ....

Can Windows/Microsoft read the 1Password file at all or is it encrypted?
Does the account key provide enough security that we can keep our 1Password password shorter? (E.g. 8 to 12 characters instead of 26 or whatever).

Thank you!


1Password Version: 7
Extension Version: 7
OS Version: Windows/Mac
Sync Type: iCloud / 1password

Comments

  • AGAlumB
    1Password Alumni
    edited July 2018

    > MS reserves the right to any and all files on our devices. From my point of view, they do not care about user privacy and do everything in their power to snoop on their users (for their search engine and business oriented based data collection).

    @ravensword: This isn't quite accurate, but certainly it isn't always clear either, so I get where you're coming from. You touched on this with your question:

    > Can Windows/Microsoft read the 1Password file at all or is it encrypted?

    While it can sometimes be difficult navigating Microsoft's policies and Windows features, the good news is that anything you store in 1Password is encrypted using your Master Password. 1Password does not rely on things like BitLocker for its security. To be clear, BitLocker is a great security feature, but I also like to be fully in control of the "keys" to my data, so I prefer the way that 1Password works in this regard.

    One thing I'll add is that you may want to consider moving to Windows 10. I've found that I get better performance there on the same hardware in most cases, and, paradoxically, while Windows 10 introduced a lot of the telemetry/usage tracking, much of which has since been added to Windows 7 and 8.1, Windows 10 actually gives you a lot of granular control over this stuff. That was not always the case, but it's something Microsoft has improved a lot in recent years due to user feedback. So while I disagree with their initial approach, they have been very responsive and that has made me feel comfortable there.

    > My 1Password account syncs only selected passwords I've copied or moved to my Windows device. As such there are two different 1Passwords (one for my Apple devices and one for my Windows machine which is unusually long and very hard for me to remember (mostly because the 1Password account is website facing)). I have had to keep a text file on my Windows desktop which I know isn't secure even if it's a private machine only I can access.

    I'd definitely recommend using your 1Password.com account across the board, and with a single long, strong Master Password. That's not only secure, but more convenient since you won't have to juggle multiple Master Passwords or different data being sync'd via different methods.

    However, if you still prefer to compartmentalize things on the PC (though I'd be interested to hear why in light of the rest of this discussion), you could always set up a local vault there where you copy only some of the data from your account, and then sign out of the account completely on that computer. Happy to discuss that further if you wish.

    > Does the account key provide enough security that we can keep our 1Password password shorter? (E.g. 8 to 12 characters instead of 26 or whatever).

    I apologize that I'm not going to answer your actual question here, but we do not recommend using a weaker Master Password for any reason. The Secret Key (formerly Account Key) is designed to protect your data from brute force attacks against your Master Password in the event that the database is stolen from us. So it should not be treated as a substitute for a good Master Password. After all, the Secret Key will not be required to access your data on a device you've already authorized, so, as a practical matter, your Master Password is still the most important factor in the security of your data. Instead, using a single Master Password will make it easier to remember and get used to typing it effortlessly. I think it's important to consider it in those terms instead, not only for security but also to not make things harder for yourself than necessary.

    Anyway, I hope this helps a bit, but please let me know if you have any other questions! :)
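
The distinction drawn in the reply above (the Secret Key protects a copy stolen from the service, while on an already-authorized device the Master Password is what remains), as an added example that is not part of the original thread and is not 1Password's code. It is a simplified two-secret derivation; the iteration count, labels, helper names and sample wordlist are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 10_000  # assumption: low so the example runs fast; real KDFs use far more

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes) -> bytes:
    """Minimal HKDF (RFC 5869): extract, then one expand block (32 bytes)."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def derive_unlock_key(master_password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Stretch the password, then mix in the high-entropy Secret Key."""
    from_password = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), salt, ITERATIONS)
    from_secret = hkdf_sha256(secret_key, salt, b"secret-key-demo")
    return bytes(a ^ b for a, b in zip(from_password, from_secret))

def vault_tag(key: bytes) -> bytes:
    """Stand-in for 'this key decrypts the vault': a MAC over a fixed label."""
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()

def unlocks(password: str, secret_key: bytes, salt: bytes, tag: bytes) -> bool:
    candidate = vault_tag(derive_unlock_key(password, secret_key, salt))
    return hmac.compare_digest(candidate, tag)

def exposure(master_password: str, wordlist: list) -> dict:
    """For a constructed account, report whether a wordlist pass unlocks each copy."""
    salt = secrets.token_bytes(16)
    secret_key = secrets.token_bytes(16)   # 128 bits, held only on enrolled devices
    tag = vault_tag(derive_unlock_key(master_password, secret_key, salt))
    unknown_key = bytes(16)                # without the Secret Key, only a guess is left
    return {
        # Copy taken from the service: salt and tag, but no Secret Key.
        "server_copy": any(unlocks(w, unknown_key, salt, tag) for w in wordlist),
        # Copy taken from an authorized device: the Secret Key is stored there.
        "device_copy": any(unlocks(w, secret_key, salt, tag) for w in wordlist),
    }

if __name__ == "__main__":
    words = ["letmein", "password1", "Summer2018"]   # constructed sample wordlist
    print("short password:", exposure("Summer2018", words))
    print("long passphrase:", exposure("correct horse battery staple wagon", words))
```

The short password stays safe in the server-side copy because the 128-bit secret is missing, but it falls to the wordlist on the device copy; the long passphrase holds in both cases.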

  • ravensword
    Community Member

    Thank you so much for your detailed response on this! This really helps. Thank you!

  • Greg
    1Password Alumni

    Hi @ravensword,

    On behalf of Brenty you are very welcome! Please let us know if there is anything else we can help you with, we are here for you.

    Thanks!

    ++
    Greg

This discussion has been closed.