Dropbox Security Question: iPad

I am now using Dropbox for syncing 1Password with my iPad and iPhone.

While I trust that the 1Password program itself is secure, I have a question about how Dropbox handles the information in the keychain. For example: on my iPad Dropbox account the data files stored within the 1Password.agilekeychain folder shows what appears to be the code information for each login or password entry. It seems that anyone who gets their hands on my iPad can get access to this information.

Should this be visible and should I be concerned? Why doesn't the iPad conceal this information in the same way that Dropbox on my Macbook Pro does?

Thanks in advance for your comments.

Comments

  • Excellent question Concerned User!

    While you can, as you said, see all the details about all of the logins there isn't too much to be worried about. 1Password encrypts all the passwords with 128-bit AES, which is the code you described. Although it might not be great if anyone else got their mitts on the keychain, it's still protected by your password and the aforementioned encryption.

    Now, the reason we can all easily see this stuff via Dropbox on an iPad or an iPhone is simply due to what the keychain actually is. It may look like it's a "1Password.keychain" on a Mac, but in reality it's just a bunch of folders with a bit of extra properties telling Mac OS X to present it as a singular blob. If you right-click (or ctrl-click) on the keychain, you can choose "show contents" in the menu that pops up. Then you will get to see all the stuff that's inside the keychain, just like we see it in Dropbox. Nothing out of the ordinary, just the way things work on Mac OS X. Dropbox doesn't implement this functionality and simply shows the folders without anything extra added.

    Hope this clears things up a bit for you.
  • Thanks for the reply.
  • macpug
    macpug
    Community Member
    Hi Concerned User, and welcome to the Forums. Streakmachine, thanks for the assist. Great response!!

    Just to add a little extra info, and give you some good background info, our 1Password data is protected with 128-bit AES encryption, no matter where it's stored. What's more, Dropbox protects the data stored on their servers with 256-bit AES encryption, so your data should be particularly safe there.

    If you're interested in reading about it and want more detailed information, we have our security guide here: http://help.agile.ws/1Password3/security.html and the Dropbox security guide here: https://www.dropbox.com/help/27.

    Hope that helps you feel a little better about it :)
This discussion has been closed.