Is moving 1Password.agilekeychain to a different Dropbox folder secure?
I'm looking to consolidate how different apps store data in my Dropbox account. So I've created an Apps folder (which I've given other apps access to read/write from).
With 1Password, if I move my 1Password.agilekeychain into the Apps folder, does that pose a security risk? Will other apps with permission to the Apps folder have access to my 1P file? What if I put the file into a dedicated Apps/1Password/ folder (as opposed to the root Apps folder)?
Or is this not recommended at all from a security standpoint?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
I'm looking to consolidate how different apps store data in my Dropbox account. So I've created an Apps folder (which I've given other apps access to read/write from).
With 1Password, if I move my 1Password.agilekeychain into the Apps folder, does that pose a security risk? Will other apps with permission to the Apps folder have access to my 1P file? What if I put the file into a dedicated Apps/1Password/ folder (as opposed to the root Apps folder)?
Or is this not recommended at all from a security standpoint?@alextran: Oh! This is a really interesting question. I'm glad you asked it!
Now, if 1Password stored your data in plaintext (as most apps which I sync via Dropbox do: notes, reminders, etc.) then it could allow any apps with blanket read/write privileges to that folder (and some apps also have access to everything in Dropbox) to access your 1Password data.
However, your 1Password data is end-to-end encrypted, so 1Password simply doesn't depend on Dropbox to protect your data. 1Password is secure by design, not by chance. So while other apps my in fact have access to the files in your vault, the data is encrypted, so it's rather worthless without your Master Password to decrypt it. I hope this helps! :)
0 -
thanks for the response @brenty!
as it turned out, i was poking around dropbox yesterday for something else and noticed how apps are granted permission in dropbox. turns out most apps are given full read/write permissions to any file in your dropbox. that i wasn't aware of. the only exception to that is if the app uses dropbox's API. in that case, it only has access to it's own folder and nothing else.
unfortunately, looking at my account, i see only one app using the API. all other apps (including 1P) have access to everything in my dropbox account. i'm actually really surprised dropbox provides full access to apps like this.
regardless of this new found info, it's good to know my 1P file is secure even if someone else were to access it.
0 -
unfortunately, looking at my account, i see only one app using the API. all other apps (including 1P) have access to everything in my dropbox account. i'm actually really surprised dropbox provides full access to apps like this.
@alextran: I'll also add that this is part of what's made Dropbox so popular: it's a really powerful app that — on computers — works with the existing filesystem, so any app can work with data there. With the exception of Mac App Store and Windows Store apps, any app on your computer has this same access, so it isn't something specific to Dropbox at all. Security was not built into desktop OSes from the beginning; it's something that's being bolted on bit by bit this past decade.
regardless of this new found info, it's good to know my 1P file is secure even if someone else were to access it.
Absolutely! That's what 1Password is there for. And we're here if you have any other questions. Have a great weekend! :)
0
