Hint and other data not encrypted

ericvr

Hi All,

I thought I had read that the meta data with 1password 4 would also be encrypted. I'm browsing a bit in the files 1Password 4 for Windows stores on my local disk and I see that in the .password files I can still read title and website locations. What surprises me more is that the hint to my password is readable in the .password.hint file. If I had known this I would not have chosen to enter this hint as it could be quite useful to anybody with bad intentions.

There is a post on this forum about someone who was laid off and could not delete his 1password files from his work computer. He was told that his data has good encryption and that his data would be safe. I would say that if you're not aware that the hint is readable to everybody who has access to your 1password data, this could pose a real thread and the safety of his data would also depend on how cryptic the hint is.

Basically I have two questions,

1) How can I remove or change the hint? Can I just delete the .password.hint file on Windows?

2) I guess I misunderstood about the meta data being encrypted. Will it be in the future?

Thanks in advance and best regards,

Eric

svondutch

As long as your vault is stored as an agilekeychain (the default format on Windows and Mac when you sync your 1Password data to Dropbox), the title and the URL of your items are not encrypted.

Pretty soon, we'll move to a new format we refer to as "opvault" (aka the 1Password 4 cloud keychain format). Most of the platforms (Mac, Windows, iOS) are ready for this. Everything is encrypted in opvault (including the title and the URL of your items).

I agree a password hint is generally a bad thing. The Adobe breach has learned us how dangerous password hints are. I'm not going to make any official recommendations here, but I always enter n/a (not available) myself.

svondutch

How can I remove or change the hint?

Change your master password on Mac.

Can I just delete the .password.hint file on Windows?

Yes.

I guess I misunderstood about the meta data being encrypted. Will it be in the future?

Yes, pretty soon everything will be encrypted.

ericvr

Thanks for your quick response! I've removed the hint files from my windows laptop. Good news to hear about the new format. By the way, I'm not using doxbox but folder sync via a webdav mapped drive, I guess this is similar and in that case the agilekeychain format is used as well.

Thanks and best regards,
Eric

J4qenHgh4a

Hey everyone,
I have been searching for a long time for a secure way to store my passwords. Sadly I have a lot of different devices (iPhone, Android, PC & Mac) and you guys are by far the most comprehensive solution for my case.

Anyway... the same as Eric I was looking at those ".password" files and I was quite frustrated to see that such "metadata" was included and readable in the files. Can you give a rough ETA on how soon "everything will be encrypted"?

Cheers

DBrown

When 1Password on all the platforms we support can read and write the new data structure, 1Password 4 for Windows will be able to switch to it. (The ability is already in the beta builds.) I haven't heard anything like an ETA, but we hope it won't be too much longer.

I don't expect that switch to the new structure to occur in 1Password 1 for Windows, by the way.

J4qenHgh4a

Hey DBrown,
thank you for your reply.

I think you got me lost there. The next big windows release will be 1Password 4, not the 2 then? I was thinking about buying the family bundle (Mac+PC) so I could have my 1Password in my Work, Wife, own Laptop and own PC.

I am also on software development and I understand that ETAs and deliveries are two different things. But I would not like to purchase something that is soon to be "outdated" and then shell out more money for an upgrade. On the other hand, I am trying 1Password and I am overall really happy if what I am seeing (except Dropbox, but that's another topic and I do have other means to sync). Anyway, would be in the realm of possibility to get an upgrade gratis if the upgrade happens not that far in the future?
;;)
Thanks again.

Cheers

svondutch

@J4qenHgh4a‌ On Windows, we're moving from version 1 to version 4. There is no version 2. Should you decide to buy version 1 now, then I promise you'll receive a FREE upgrade to version 4 once this becomes available. Thanks!