Should I be worried about 1Password leaking my data?

jbligh
Community Member
edited October 2015 in Mac

Dale Myers has an alarming post over at his blog: http://myers.io/2015/10/22/1password-leaks-your-data/

He suggests switching to the OPVault format but I'd rather not have to deal with that if at all necessary. Any help and/or reassurances would be appreciated. Thanks.


1Password Version: 5.3.2
Extension Version: 4.4.4
OS Version: 10.10.5
Sync Type: Dropbox

Comments

  • Could you please explain. Is that a serious threat?
    http://myers.io/2015/10/22/1password-leaks-your-data/


    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided
    Sync Type: Not Provided
    Referrer: kb-search:opvault

  • Stephen_C
    Community Member

    I think you'll find this knowledge base article very informative...and much more detailed than I can include in any reasonable reply here. :)

    Agile Keychain Design

    Stephen

  • danco
    Volunteer Moderator
    edited October 2015

    It is not a threat to your passwords.

    But I think the article does point out, as mentioned in @Stephen_C 's reference, that certain metadata is not currently encrypted. Someone interested in knowing what sites you have passwords for, could gather that information, as far as I understand it. Of course, they would still have to gain access to your vault in some way, such as hacking your Dropbox account.

  • neil_laubenthal
    Community Member

    How is this not a problem, and why isn't the metadata encrypted? Sure, it isn't the actual password and requires Dropbox hacking, but why not at least offer the option to encrypt everything? At least explain in the docs the potential issue and make it easy to choose the other keychain type that doesn't have this problem.

  • Stephen_C
    Community Member

    @jbligh I have merged your post with an existing thread on the subject. @Eight and @neil@laubenthal.net note the consequent change to the thread header.

    Stephen

  • cortig
    Community Member

    In any case, even though migrating from one format to the other is a bit tedious, is there any disadvantage in migrating to OPVault?
    Isn't OPVault the future of 1Password file formats anyway?

    Corentin

  • neil_laubenthal
    Community Member

    Couple of questions.

    1. Should one switch to the OPVault format, or is it still a work in progress?
    2. Is the procedure with the hidden preference from the knowledge base still the optimum method of switching?
    3. Are there any drawbacks to switching to OPVault?

  • daveprout
    Community Member

    When is OPVault for Android going to get released???

  • joeholmes
    Community Member

    In the well-respected MacInTouch Reader Reports http://www.macintouch.com/readerreports/security/index.html#d19oct2015 some are saying that they've discovered that "it turns out that your metadata isn't encrypted" in the 1Password file in Dropbox.

    Could you address that, either here or over at MacInTouch?


    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided
    Sync Type: Not Provided

  • Lars
    1Password Alumni
    edited October 2015

    Hi everyone!

    Thanks for all the questions and requests. As you might imagine, we've had a number of responses and inquiries to this "discovery" by Dale Myers, so I apologize for the slightly delayed response from us. I put the word discovery in quotes because, as @Stephen_C alludes to above, we've documented this characteristic of the Agile Keychain from the very beginning when it was introduced in 2008 to replace reliance on the OS X keychain in 1Password.

    Our own @khad and @jpgoldberg (among others) have been discussing this - and the reasons behind it - for a few years now, and in fact those posts are an excellent place to start, if you want to know the history and thinking behind the design of the Agile Keychain format. If you're interested in a shorter and less conversational run-through, we've also put up a new blog post in the wake of this recent burst of attention to this topic.

    But to answer some of your concerns in a more direct fashion, @jbligh - switching to OPVault isn't as daunting as perhaps it seemed in Myers' article: on the Mac, it's a fairly straightforward matter of a single terminal command, which you can copy and paste. There are a couple of additional steps if you're syncing with other devices, but it's not something the average user should be wary of or worried about.

    Finally, if you really don't want to attempt the switch to OPVault, then to answer the overall gist of your question, sticking with Agile Keychain isn't a large security risk. In 2008 when we designed the Agile Keychain format, the hot new iPhone on the block was the 3G -- just one model removed from the original iPhone. If you owned either of those phones, you'll remember how much less processing power they had, compared to today's devices. Agile Keychain intentionally left some of the metadata regarding your 1Password data unencrypted to avoid the battery and performance penalties that would've been incurred from encrypting everything and having to do processor-intensive decryption functions for every single operation in 1Password. But unencrypted doesn't necessarily or automatically mean vulnerable. The important thing to remember is that your Agile Keychain resides in your Dropbox account. Dropbox themselves encrypt all data you store there with an additional layer of encryption unrelated to 1Password, that's secured by your Dropbox password. But even if they did not, an adversary would still need to either hack Dropbox itself, or crack your specific account just to be able to access the metadata in your Agile Keychain. That was not then, and still is not now, a likely scenario.

    On an ultimate scale, is it more secure to have the metadata encrypted? Yes -- it provides an additional layer of security and, depending on your perspective, peace of mind. If that sounds like the most sensible approach to you, then we urge you to try the OPVault switch, provided you're not using an Android device or older non-Android devices that still have to use older versions of 1Password as part of your 1Password "ecosystem." But if we thought Agile Keychain was compromised or inherently insecure when used as intended, we would not risk your data by continuing to have it be available to users.

    Neil - re: drawbacks of OPVault: at present, there are none, except if you have older hardware that requires older versions of 1Password which do not support OPVault, or if you have an Android device which cannot yet support the OPVault format, or if you rely on 1PasswordAnywhere, which is dependent on the Agile Keychain format. If your hardware and versions of 1Password are up-to-date and you're not an Android or 1PasswordAnywhere user, there's no downside.

  • cortig
    Community Member

    Thanks for the detailed reply Lars,

    Corentin

  • jpotisch
    Community Member

    Thanks for the info. Can you elaborate on "There's a couple of additional steps if you're syncing with other devices"? In my case I'm syncing between two Macs and an iPhone.

  • Lars
    1Password Alumni
    edited October 2015

    Hi @jpotisch,

    Sure, be happy to: Agile Keychain and OPVault are different keychain formats, so they're not compatible with one another. You can't simply sync an Agile Keychain with an OPVault keychain.

    When you first begin the sync process as a new user, you start from one of your devices and choose Dropbox, which causes 1Password on that device to write out a keychain of whichever format to the location you select in your Dropbox folder. Then, on your other devices, you sync to that keychain, and all is well.

    Because of the difference in the format, if the keychain you already have in Dropbox is Agile Keychain format and you're trying to switch to OPVault (and by the way, this would be the case in reverse too, if you were trying to switch from OPVault to Agile Keychain), then what you need to do is the following:

    • Make sure you make a current backup of your data (not required for this, just as a precaution), and make sure each device has synced recently so all devices have identical data.
    • Disable sync on all devices before proceeding.
    • On whichever device you choose (one of your Macs, I'd recommend), run the terminal command to use OPVault.
    • Visit your Dropbox folder in Finder or a web browser and delete any and all older keychains in the Agile Keychain format.
    • Set up sync from the "main" Mac as normal; just choose Dropbox from the Dropdown menu in Preferences -> Sync, and it will write out a new keychain in OPVault format.
    • On each of your other devices, re-enable sync (merging if required), and you will be up and running with all your devices in sync again, this time via OPVault format.

    You can verify this by looking in Finder or a web browser at the keychain itself in Dropbox. It should carry the .opvault file type suffix. If you don't see that, or it still says .agilekeychain, something went wrong -- let us know. But all should be good. :-)

  • Stephen_C
    Community Member

    @joeholmes I've merged your post into a thread which is already discussing the subject of your post.

    Stephen

  • SecretDude
    Community Member

    In my mind, the reason people use a password manager is because, in the event our computer is hacked, stolen, or even accessed by someone locally, we want our personal data to be secure. Maybe our Dropbox account gets hacked, or there's a vulnerability with Dropbox or our computer software. That's the situation we are trying to protect ourselves against. Do we really want a thief (or local snoop) to know all our financial websites, or other private info? There are ways to attempt to hide where we've been on the browser, but for a long time, 1Password has left all this private info (where we bank, what perhaps-embarrassing sites we have passwords for, etc.) in the open for anyone with access to see.

    I've been the victim of identity theft due to a data breach of my health care provider. Knowing what websites I have passwords for would be helpful for anyone who has stolen or purchased my private info, as fraudsters might be able to convince companies to reset passwords using my info, and they would certainly be aided knowing which companies I have relationships with. Thus, metadata is really something that needs to be private, to protect users. I'd think a company dedicated to security would be better able to see this. But I feel like there's sometimes a myopic focus on certain aspects of 1Password security, and complete lapses on other aspects of security (such as my previous complaint, not providing a verifiable download for the Firefox extension for several years after it being brought to your attention - https://discussions.agilebits.com/discussion/comment/196063#Comment_196063). I continue to use 1Password, but I certainly think you guys aren't covering all the bases you should be. And as you guys literally hold the keys to our lives, users really need to trust you are always covering all the bases for us.

  • mirv
    Community Member

    Can you say more about the plan to have 1P automatically convert to OPVault at some point? I'm tempted to switch manually now, but would rather wait if it won't be too long, due to the possibly error-prone process.

  • jpotisch
    Community Member

    Thanks, @LarsOlsson. I think it's important for people to understand that this is an architectural choice that 1Password made that had pros (performance, ability to use 1Password without the app) and cons (unencrypted metadata). I do think that while AgileBits technically did disclose this all along, it was not very discoverable. Knowing what I know now, I'm not sure if I'll convert to OPVault or not - if I'm traveling without a laptop and my phone gets stolen, I wouldn't be able to login to anything. If I knew my Dropbox password and could get to a computer, with 1PasswordAnywhere I could.

    I would hope that a future version of 1Password makes the choice clearer at setup, and makes changing later a button click instead of the workflow described above. Even better, I'd happily sacrifice significant 1PasswordAnywhere performance to have my metadata encrypted as well.

  • Lars
    1Password Alumni

    Hey @mirv,

    I wish I could pull that out of my back pocket for you, but unfortunately I can't give you any specifics of when you'll see the process become automated. We've learned over time not to announce dates-certain, due to having no control over what might crop up to alter the landscape in the interim.

    If you want to convert to OPVault, but are worried about the process, I...I don't know how to reassure you except to repeat that even for someone who shies away from getting "under the hood" with the terminal/command line it's a much more straightforward process than it probably seems at first blush. I really think you'll be able to manage it quite easily. And if you just don't want to attempt it, as I mentioned previously, Agile Keychain remains a viable and secure option until the OPVault switchover process becomes automated.

  • JohnnyFJohnsson
    Community Member

    @jpotisch I have just changed my agilekeychain to OPVault and it worked like a charm using 1Password for Windows. Originally I wanted to change it using the Mac version but I just have my Windows computer at hand right now. No need to be worried. And in any case you still have agilekeychain backups available if something goes wrong.

  • collin
    Community Member
    edited October 2015

    I normally sync my Mac and an iPhone using Dropbox. I wasn't even aware of 1PasswordAnywhere and have no imagined use for it, so I went ahead and made the leap to OPVault. Zero complications in conversion and I'm successfully syncing both ways again.

    I did notice, however, that while my original .agilekeychain file (containing 300+ items) was 9.3 MB, the converted .opvault file is only 3.8 MB. @LarsOlsson is this normal or should I be concerned?

  • ronen
    Community Member
    edited October 2015

    Hi all.
    I really don't understand 99% of the thread content, but I do understand that maybe there is "something".
    I use 1P in my iMac + iPad + iPhone with iCloud syncing.
    I don't use Dropbox at all.
    Do I need to worry ?
    Thanks.

  • Lars
    1Password Alumni

    Hey @collin,

    OPVault will be smaller than Agile Keychain because instead of keeping a separate key for every item, we keep the data in "bands," each with its own key. There are fewer bands than there would be of individual records in an even moderately-large Agile Keychain vault. So you'd expect the overall size to shrink on conversion. The only other thing that could (and I emphasize could) make the vault size smaller would be if some of your attachments weren't brought into the OPVault. This isn't something that happens as a result of conversion, but if you're concerned about it, just check your items to be sure any attachments are still present and accounted for.

  • collin
    Community Member

    @LarsOlsson Thanks for the explanation. I only had a few attachments and all seem to have survived the conversion.

  • mirv
    Community Member

    Yes, thanks. My new 1Password.opvault is about 90% smaller.

  • AGAlumB
    1Password Alumni

    @LarsOlsson Thanks for the explanation. I only had a few attachments and all seem to have survived the conversion.

    @collin: Excellent! Thanks for the update. On behalf of Lars, you are most welcome. I'm glad to hear that went smoothly for you! :)

    Yes, thanks. My new 1Password.opvault is about 90% smaller.

    @mirv: Wow! Depending on how big it was to begin with, you might not notice that in day-to-day use, but every little bit helps. Thanks for sharing your slim OPVault success story! ;)

  • Alain_55
    Community Member

    Please help. Can't understand the issue.

  • neil_laubenthal
    Community Member

    Thanks Lars… I'm only using iOS and Mac versions with Dropbox sync, keep up to date and have no need for the Anywhere part.

  • khad
    1Password Alumni

    @Alain_55, you can find more details about the issue here:

    Your passwords are safe when using the Agile Keychain format

    Neil, you should be able to move forward with the steps in the Knowledgebase to switch to OPVault on Mac. Once you have done that, you can disable and re-enable Dropbox syncing in 1Password for iOS. Your OPVault will be detected, and 1Password for iOS will use it as well.

    Can I switch to OPVault from Agile Keychain?

    I hope that helps, but please let us know if you have any other questions or concerns. We are always here to help.

    Cheers!

This discussion has been closed.