Can I deactivate 1P for a lost Mac to remove non-password items (credit cards, bank accounts, etc)?

jayharlow
Community Member
edited November 2014 in Mac

Hi, I lost my Mac running 1Password with iCloud Sync.

I've already changed my iCloud password and most of my sensitive web passwords. But there are still lots of unchangeable sensitive items in there: credit cards, bank account numbers, passport, driver's license… can I protect those, short of canceling them all?

Is there any way to deactivate a particular machine's access to 1Password? I'm unable to use Find My Mac to erase it, because the machine is not online, so can't receive a lock or erase signal.

Comments

  • Stephen_C
    Community Member
    edited November 2014

    I'm sorry for your loss.

    Even if you can't use Find My Mac, all your 1Password information will still be protected by your master password, so anyone who finds your Mac (assuming they can then access the information on it) would still have to crack your master password before they could see the information contained in 1Password.

    It's obviously sensible you've changed your iCloud password (I hope you've enabled two-step verification for your Apple ID as well). You might also consider changing your master password.

    Edit: sorry, the answer to your specific question is that there is no way you can de-activate your lost Mac's access to 1P apart from using Find My Mac.

    Stephen

  • Plato
    Community Member

    @jayharlow

    "I'm unable to use Find My Mac to erase it, because the machine is not online, so can't receive a lock or erase signal."

    That's not a problem. You can send a lock or erase command anyway. The command will be stored and sent to the Mac as soon as it goes online. Obviously, your 1Password login information is useless prior to that time.

  • jayharlow
    Community Member
    edited November 2014

    Thanks @Stephen_C. Definitely setting up 2-step auth for iCloud. I also updated my master password for 1Password just in case, though if the MacBook falls into the wrong person's hands, a human-memorable password isn't going to be much of an obstacle. I'd feel a lot better if I could revoke access for that machine's 1Password install to iCloud sync.

    @Plato, the problem is that my MacBook has a login password, so the Find My Mac features aren't much help — no way for those signals to reach the machine (and so far, it's been two days and Find My Mac hasn't seen it). My real fear is if someone were to circumvent internet connection entirely and simply connect to the MacBook in Target Disk mode, they'd be able to copy my 1P database (along with all of my other data), and have all the time in the world to try and crack it.

    I enthusiastically put nearly my entire identity in 1Password — but I'm thinking that without the ability to revoke access remotely, perhaps keeping anything besides web passwords (e.g. bank accounts, credit cards, identity docs and other sensitive, non-updatable things) there is unadvisable.

  • danco
    Volunteer Moderator

    @jayharlow, you say "a human-memorable password isn't going to be much of an obstacle."

    Actually, there are several approaches to memorable passwords that are not easy to crack. Decider is a good one.

  • Stephen_C
    Community Member

    There is an excellent AgileBits blog post here called "Towards Better Master Passwords", which you'll probably find interesting @jayharlow.

    Stephen

  • littlebobbytables
    1Password Alumni
    edited November 2014

    Hi @jayharlow

    For any future machines you may wish to consider FileVault under System Preferences > Security & Privacy and then the FileVault tab. Encrypt the entire drive and then somebody wishing to gain access has to break your user account password and then break your 1Password Master Password. As long as you select strong passwords, breaking one of those can be measured in decades, but then to have to break another level altogether?

    The only way to revoke access remotely is to trust somebody with that power and 1Password has been designed so all of your information is in your hands, not ours. Certainly it's one of the reasons I chose 1Password. Still, given I have a strong user account password, disk encryption and a strong Master Password I don't feel concerned about 1Password storing all of my details. I say that as a user, not as a member of AgileBits.

  • danco
    Volunteer Moderator

    I have often wondered (and don't seem to have found a good answer anywhere) how strong the password for a user account needs to be.

    Given that there does not seem to be an easily available method other than brute force to get in to a user account, assuming that the disk is encrypted so the password can't be bypassed.

  • jayharlow
    Community Member

    Thanks for the tips, all. Unfortunately, my 1P password, while not a simple dictionary word, was optimized for ease-of-typing rather than security, since I have to type it constantly throughout the day. I've since updated it to something more complex, but as I said before, the machine hasn't connected to the network, so no way it could sync.

    And, unfortunately, I did not have FileVault enabled, nor a firmware password (which I've now read is preferable). The AppleCare rep I spoke with assured me that nobody would be able to access my data via Target Disk Mode without my user password, but everything I've read online indicates the opposite.

    So at this point I've done what I can do, and just have to hope that whoever has my machine isn't too computer savvy or malicious.

  • littlebobbytables
    1Password Alumni

    Yeah... I'd say the AppleCare representative probably didn't know what they're talking about. On a normal, unencrypted disk all that stops somebody are permissions, and if you're plugging a disk into another machine and resetting those permissions as root then you have instant access to everything. Physical access means total access - the only defence is encryption.

    One thing to consider in all of this @jayharlow is that even being aware that you're running 1Password, all the thief is going to be concerned about is making a quick couple of quid off of your misery; attacking encryption is typically a targeted affair with purpose.

  • jayharlow
    Community Member

    Great article, @stephen_c thanks again. Have made some improvements to my master password.

    But just to double-check: if I've updated my iCloud password, will that prevent a thief who's cracked my 1P master password from syncing my updates?

    I ask because I'm having the same issue as others, where my new 1P master password isn't syncing across to other Macs.

  • Drew_AG
    1Password Alumni
    edited December 2014

    Hi @jayharlow,

    If you've changed your iCloud password, and the lost Mac only has your old iCloud password, then iCloud sync will not work in 1Password on that Mac. So even if someone has figured out your master password for 1Password, they won't be able to sync any changes you've made. I hope this helps to answer your question! :smile:

This discussion has been closed.