Use "App folder" access type instead of "Full Dropbox"

ollifi
ollifi
Community Member

Currently, you're using "Full Dropbox" access type when saving vault data. I'd suggest using "App folder", because it'd be more secure for user. And I'm not sure, but maybe it wouldn't produce those annoying 1Password files to "recently changed" section of Dropbox.

https://www.dropbox.com/developers/reference

Your app should use the least privileged permission it can.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Use "App folder" access type instead of "Full Dropbox"

«1

Comments

  • Hi @ollifi ,

    Thanks for taking the time to write in with your concern.

    The reason for full access is largely historical. Before there was an API to limit permissions, customers created different hierarchies within Dropbox to store their data. If we changed it, it would break syncing for many people. This is not to say it's impossible, but it requires much more careful planning and consideration than changing the permission request in the application.

    If you have further questions on this, please feel free to reply.

    Cheers,
    Kevin

  • ollifi
    ollifi
    Community Member

    Thanks for the reply. Maybe you could move vaults of all customers to the Apps folder automatically using the current full permissions, and after operation is completed, you could change the permissions to app folder. Of course, notifying users beforehand :D

  • Drew_AG
    Drew_AG
    1Password Alumni

    Thanks for your suggestion, @ollifi! :)

    The situation is actually more complicated than it seems, and in case you're curious, we go into a bit more detail about that here: Why does 1Password need access to all my Dropbox files and folders?

    If the 1Password app on your Mac were to automatically move sync files to a different location in Dropbox, the main problem would be that it would break Dropbox sync in 1Password on all your other devices. You would need to re-configure Dropbox sync in 1Password on each device. There's also the problem of what to do if different sync files in different locations in Dropbox have the same file name. Even if they're automatically renamed to be unique, how would someone know which sync file goes with which vault when re-configuring Dropbox sync on the other devices? Users could accidentally end up merging different vaults together, which would be a problem. Those are just a couple examples, and there are other things which make this even more complicated than it might seem.

    That's not to say we won't find a way to make it happen, but I thought you might be interested to know some of what makes it so hard to change. We really appreciate hearing from you about this though, so thank you for taking the time to share your thoughts on that! If you have more feedback or questions or need anything else, please don't hesitate to let us know. Cheers! :)

  • ollifi
    ollifi
    Community Member

    Thanks again. I think you'd need to figure some way that after moving the files, there would be created some kind of "link" between the old and new folder and all your apps could read it. Then, the sync path would automatically change and user wouldn't need to even notice it.

    Thanks for the link, too. I'll look into it when I have more time.

    As last, I wanna thank you and the other AG staff for all the lovely replies you always provide. Even if I and others ask stupid questions or provide amateur suggestions to complex problems, you always reply politely and with respect. I have never had this kind of service when talking about computer or mobile apps. That's really a thing I'm absolutely thankful. I have always tried to survive with free apps, and I had to think a bit before buying my 1Pw license, but I don't regret it after experiencing the fantastic service (and of course, the excellent apps which work so nicely between different platforms) :) Thank you and keep doing the awesome work!

  • Thanks for the kind words, @ollifi. We love trying to help.

    Cheers.

    Rick

  • joshka
    joshka
    Community Member

    Hey, this issue is about 3 years old now and is still a security issue. Can you please find some time in the schedule to fix this problem?

    In summary: A decision, years ago, allowing 1Password users to place their 1Password data anywhere they wished within Dropbox and relying on some data in the root of the Dropbox folder has led to the situation where you must grant the 1Password app far more access to Dropbox than it really needs or uses.

    To an extent I concede that if 1password is pwned, I'm pwned. That said isn't this basically asking for a privilege escalation?

  • Pilar
    Pilar
    1Password Alumni

    Hi @joshka

    When trying to find the best way to get any program to work, and in this case 1Password you have to find balance between a million things. Both Drew's answer and this article go into a lot of detail of why 1Password needs those permissions. I can understand if you don't like the idea of 1Password having them, and fortunately there are several alternatives for you to not even need to use Dropbox with 1Password! You can Sync your data with iCloud or via Wi-Fi, or you can even get an account and let us do all the syncing work for you :chuffed:

  • Lucent
    Lucent
    Community Member

    This really is an embarrassment for a security company that prides itself on doing encryption correctly and keeping keys partitioned and every device on a need-to-know basis to have such a glaring oversight. Requesting permission to read/write a user's entire Dropbox is absurd. App folders work perfectly for this, and all I'm seeing here is excuses. If 1Password is ever compromised, vaults will be safe due to the master passwords encrypting them, but 1Password is going to have an absolute disaster on their hands when the attacker has access to thousands(?) of Dropboxes and everything contained within.

    Just set it up so every new Dropbox permission request is in an app folder and let people know they can't use very old versions or share vaults if they choose to do an app folder. Don't worry about moving anything or supporting both ways. For existing users, it can work the way it works now. If they want to move to app-based permissions, force them to unlink Dropbox and relink it as an app folder. This solves things for all new users, doesn't bother any existing users, and everyone dedicated enough to care about the difference between full permissions and app-specific (me) can happily deal with unlinking, relinking, and moving files.

  • Drew_AG
    Drew_AG
    1Password Alumni

    Hi @Lucent,

    Thank you for your feedback about all this! I'm glad you're taking time to think & ask about the security of your data across different apps and services. That's what we like to see! :)

    I can certainly see why it might seem strange for 1Password to request such broad permissions just to sync your data, seeing as how Dropbox now has an API to limit permissions and have each app use a specific folder. But keep in mind that, as Kevin explained near the beginning of this thread, 1Password has supported syncing with Dropbox since before that API was available, and there wasn't a set location where each app was expected to store data at that point.

    Because customers could put their data anywhere in Dropbox (something requested by many customers back then), 1Password created a file called .ws.agile.1Password.settings in the root level of the Dropbox folder, and that would help 1Password find the data file in Dropbox. Therefore, 1Password needed to be able to read and write to that file as well as the data file itself. Although 1Password no longer uses the .ws.agile.1Password.settings file, it still needs to be able to read and write to the sync file, wherever that happens to be stored.

    Just to be clear, although 1Password requests such broad permissions, it only performs the minimal operations necessary for syncing 1Password data. In other words, 1Password only looks at or touches your 1Password data, and then only as is needed for syncing. I understand you're concerned about 1Password having access to other files in Dropbox, but if you trust 1Password enough to store your most important and private information, I think it's reasonable to trust it to only touch its own files.

    Of course, it would certainly be nice to have more limited access, but that's also a great example of an "easier said than done" type of situation. Simply limiting the access now would break sync for many, many customers. There are potential ways of making it easier to reconfigure the sync settings, although I've previously explained some of the reasons why that's a lot more difficult than it seems.

    But even if we were able to work around many of those complications and used the Dropbox API to limit permissions and use a specific app folder, there's still at least one major issue, which (as Khad explained to you a few years ago) is that Dropbox API doesn't allow sharing folders between different Dropbox accounts. That would prevent sharing a 1Password vault with others via Dropbox, which is a feature that many customers love and rely on.

    So although this is not something we plan on changing, remember that, as Pilar mentioned above, there are alternatives to using Dropbox for syncing your 1Password data. The best option for most people is to use a 1Password.com account, which uses our own servers instead of depending on other third party sync solutions. But if you don't want to sign up for an account, you also have the options for iCloud, WLAN Server, and Folder sync.

    Thanks again for sharing your thoughts and concerns about the permissions requested for syncing with Dropbox. I hope this helps to at least explain a bit more about why that's still the case. But if you need anything else, please let us know. Cheers! :)

  • Lucent
    Lucent
    Community Member

    Drew, I believe I already addressed all your points. Let me go through them one at a time.

    My proposed solution was to leave everyone already linked alone. Keep the full permissions for all existing users and make no changes to their accounts. Only new accounts would get the folder-contained app settings. Other than shared vaults, I have not seen evidence that this creates any problems for any other situation. If there is, your reply will be the first I hear of it.

    I get that in an ideal situation, AgileBits only accesses the folder. When talking security, we don't plan for ideal. We plan for worst case. I actually don't trust AgileBits to have access to my passwords or data. I do trust you to write code that can compartmentalize encryption, but I don't trust you to actually hold onto my passwords. You don't trust yourself either. That's why you specifically built the app so you don't have the master password and the data is unreadable without it. If you built the app correctly, you can't read my passwords, even if they're on your server. No trust is required. Similarly, when I use whole disk encryption, I am merely trusting that Microsoft/TrueCrypt can write proper software to encrypt the drive against my keys, which only I possess. I don't trust Microsoft to store my keys and not read (or offer to the government) my data. That would be monumentally naïve, given what we now know.

    As it stands now, if you are compromised, whether through a hack, state action, or even a disgruntled employee, you will expose the full contents of tens of thousands of Dropboxes, a monumental security nightmare for your company. If you were to implement app-specific passwords for new users, let them know they can't share vaults if they choose the app-specific option, and suggest to others they unlink and relink Dropbox for better security, a compromise of AgileBits would mean nothing. Only encrypted data is exposed, and that is safe with reasonable master passwords.

    The alternative solutions aren't great. $36 a year to store a couple megabytes of data is outlandish. If you'd like to transition us to this from Dropbox, the price must be drastically reduced. I pay the same price to host and serve terabytes of photos. Dropbox is the de facto, free standard for sharing folders among computers and is integrated with every platform. Are your developers unwilling to work on this because of the hassle? Can we set up a bounty, and those who want the feature can contribute money toward it being implemented?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Lucent: I appreciate that doing so would satisfy you, but it would complicate things for many others who are happy to have 1Password to write their data to a user-configurable location in Dropbox. You hit the nail on the head with regard to the impact this would have:

    My proposed solution was to leave everyone already linked alone. Keep the full permissions for all existing users and make no changes to their accounts. Only new accounts would get the folder-contained app settings.

    Your proposal glosses over the complexity of accomplishing this, from a development, support (AgileBits and Dropbox), and user perspective. For example, it's easy to say, "Let's have it both ways", but what if after this change is made someone wants to allow full access so they can do something (previously) fairly straightforward like share or use a custom folder? It sounds like that's not possible any more. But if it is, it means presenting multiple options to the user and making them decide (after hopefully understanding the ramifications either way) on either full access or restricted. Depending on the person, one of these will "sound more right", but that may not mesh with what they're trying to accomplish. These are things we need to think about, in the context of all 1Password users, not just those in this forum discussion.

    And, more significantly, what Drew meant regarding trust is that you're trusting 1Password in order to use it in the first place. Case in point:

    As it stands now, if you are compromised, whether through a hack, state action, or even a disgruntled employee, you will expose the full contents of tens of thousands of Dropboxes

    In your hypothetical scenario, 1Password's code is compromised by a malicious party to access all of the other files in your Dropbox folder. I would think, in this scenario, that having it compromised to access your data in 1Password itself when you use it would be greater (or at least equal) concern. And at that point, full access to Dropbox is pretty irrelevant, since you've almost certainly got more sensitive things in your 1Password vault than you have stored in plaintext in Dropbox.

    Now, we go to a lot of trouble to ensure that this doesn't happen, but I think first and foremost you have to realize that our existence depends on maintaining our reputation and users' trust. You may say you don't trust us, but you sort of have to in order to use our products, much like you have to trust the integrity of the silicon and software you run it on, unless you legitimately don't think about or care about your security — and I think it's evident from this discussion that you do! I just think it's important to keep all of this in perspective. Unless you're going to fab your own chips and write your own OS and password manager, you're trusting someone.

    And if Dropbox follows through on their testing to restrict the number of devices on free accounts, it may not be the best free option fro much longer. That isn't a knock on Dropbox, as they have as much right as anyone else to get paid for their work. Just something to consider.

  • dsjr2006
    dsjr2006
    Community Member

    @Lucent the suggestions are good, but don't take into account the complexities and greatly overestimates the risk while misplacing the aim on greatest threat. You have to authenticate Dropbox with each device you connect meaning an attacker would need to compromise 1Password client software, obviously at that point it doesn't matter where the sync file is stored.

    The more likely security failure is Dropbox especially since many other applications including the desktop sync app have Full Access which includes App folders anyways.

    Moving sync data to app folders is mostly security by obscurity and does almost nothing to actually improve security. It would restrict 1Password to using its own folder, but doesn't guarantee other apps won't access it.

    Also $36/yr is $3/mo and I don't really understand what you're complaining about. They provide and excellent product with a great reputation. I think free Gmail and such has people spoiled into thinking they should get other people's work for free if it's on the web, but generally you have to pay for software when the software and not the user is the product.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Moving sync data to app folders is mostly security by obscurity and does almost nothing to actually improve security. It would restrict 1Password to using its own folder, but doesn't guarantee other apps won't access it.

    @dsjr2006: That's a really good point. I also don't think about it often because I'm inherently trusting Dropbox by installing their software as well, but I know some folks aren't comfortable with the client having some pretty deep hooks into the system and access to the filesystem.

    Also $36/yr is $3/mo and I don't really understand what you're complaining about. They provide and excellent product with a great reputation. I think free Gmail and such has people spoiled into thinking they should get other people's work for free if it's on the web, but generally you have to pay for software when the software and not the user is the product.

    To be fair, I think this is understandable. It's legitimately an additional cost above what he's already been paid for the product that he chose. However, this same product was designed to interact with Dropbox in this fashion, so I'm not sure I understand why this same design, which was acceptable enough at that time, isn't any longer. But that doesn't matter: we're all entitled to our own preferences.

    I don't get the impression that Lucent is against supporting software developers if he's paid for 1Password licenses and simply wants some things changed to better suit his preferences. And if that's something he can get as a free update by asking nicely, that's just icing on the cake. Can't argue with that. But it sounds like he'd be willing to pay into a bounty for it as well. I'm just not sure that this is a change we can justify at this time, but again, it never hurts to ask.

  • decrypted
    decrypted
    Community Member

    @brenty let me also ask for App folder support.

    Not having this feature for a security sensitive app is really not a good best practice.
    There is just no reason why 1Password should have access to everything in a Dropbox, IF it could work with a partial view.

  • Hi decrypted,

    Thanks for your feedback. The reasons for full access have been mentioned, so I won't mention them again. We certainly aren't against limiting Dropbox. We just have to weight the benefit against the feasibility of transitioning those who have, for whatever reason, stored their sync data elsewhere on Dropbox.

    Cheers,
    Kevin

  • rekkss
    rekkss
    Community Member

    I add my support for this feature. I do not allow any app full access to my Dropbox. That's why I synch via iCloud. You as a company specialized in cyber security must understand this better than anybody. Also, your support base is composed of a special niche of people who place particularly high value on their security and privacy, so if there is a committed to assuring their customers of this, it would be Agilebits. I would not recommend anybody to use any app that has full access to their Dropbox. Please make this change, so that I can recommend 1Password to my friends that use Windows computers and Android phones.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited February 2017

    Got it. Thanks for the feedback on this! :)

  • virgilp
    virgilp
    Community Member

    Let me add my support for this feature.

    I understand what you are saying, that it costs AgileBits money/dev. effort. There's no question about that. That said - it does affect your image too, there's no good reason (other than "legacy" and "it costs us") for 1Password to ask for extended permissions.

    Let me rephrase: if you had to do 1password again, now, you'd probably only ask for app folder permissions, right? So, it's not a question of whether it's a good idea to do this - it's just "we think you'll chalk it up as 'not a deal breaker' and continue to use the app". Well, yes, maybe, you are right. It still creates a negative customer experience :(

    Let me address the other issues that you raised:

    • "what if someone wants to allow full access" - what if someone wants to share the plaintext password? You just don't allow it, because you're a security company, and you know better. What legitimate reason could someone EVER have for wanting this "feature"?
    • "we can't touch the legacy vaults stored on dropbox" - I really do hope that's false. What if somebody finds a weakness in the AES-256bit implementation that you're using, and you need to upgrade encryption? You definitely need to be able to upgrade the clients, and to write a new format that the old clients (potentially) don't understand. If you currently don't have a good way to handle this scenario, please start thinking about it now! And if you do... well, one possible solution for the "permissions" issue has already been presented to you, above.
    • You do have customers that ask for restricted permissions. Do you have customers that ask for full access? Or is this just a speculation? Have you tried launching an app that has the "move to app folder" option? Here's what I suggest: launch an update that presents the option to move to app folder (explaining that it slightly increases security, but will be inconvenient because customer needs to re-authenticate on all devices), or keep the existing "wide access". See how many customers pick the "more security" vs " more convenience" option. I know the default option in product management is "more convenience", but you guys have a special kind of product, so this choice is not always obvious. At least, make this decision informed - see how many people mind about the inconvenience.

    You're right to say that "ultimately we have to trust AgileBits & its software", and to say that if 1password is compromised, the DropBox access might be the least of our concerns. But you're forgetting that you may have obsessive-compulsive customers who simply HATE to see "full access" in the dropbox permissions screen :). And, TBH, there are security scenarios where the 1password dropbox credentials might get stolen, without the client software itself leaking data from the vault - in such a case, it would actually help if your client had restricted access to Dropbox.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @virgilp: You make some really good points with regard to customer experience. The hard part is that changing this would also negatively impact the customer experience of 1Password users. Not to say "feel sorry for us", but it's a bit of a rock and a hard place. This is absolutely the sort of thing we'd do differently if we were starting with a "clean slate", and it's possible that we'll have a good opportunity to do that in the future. After all, planning for a new major release is often a good time to re-evaluate things and challenge old paradigms. But it's definitely not something we're going to do on a whim mid-cycle.

    What legitimate reason could someone EVER have for wanting this "feature"?

    I'm not sure it's for you or I to judge what's "legitimate". But I can tell you from experience that a lot of 1Password users have really weird Dropbox setups when it comes to vault location (sharing, folder names, filename, etc.) A big part of this is that that's how Dropbox worked with apps for a very long time, and making 1Password more restrictive about this now will break a lot of users' sync setups. And again: sharing. Requiring Dropbox/Apps/1Password/ effectively breaks this. Apart from 1Password, Dropbox is filesystem based, and many users are accustomed to doing whatever they want with their filesystem.

    What if somebody finds a weakness in the AES-256bit implementation that you're using, and you need to upgrade encryption?

    AES has been hammered on for decades, and if a weakness is found, we'll all be in trouble, because nearly everything significant, security-wise, is built on it. But let's just say that happens sometime before we've all already moved on to something newer. I'm not clear on how 1Password having access to Dropbox is a concern if AES is found to be crackable. On the contrary, the concern for 1Password users would be other apps that have access to your 1Password data.

    You do have customers that ask for restricted permissions. Do you have customers that ask for full access? Or is this just a speculation? Have you tried launching an app that has the "move to app folder" option? Here's what I suggest: launch an update that presents the option to move to app folder (explaining that it slightly increases security, but will be inconvenient because customer needs to re-authenticate on all devices), or keep the existing "wide access". See how many customers pick the "more security" vs " more convenience" option. I know the default option in product management is "more convenience", but you guys have a special kind of product, so this choice is not always obvious. At least, make this decision informed - see how many people mind about the inconvenience.

    I think that may be the way to go, but definitely not now. And this is also a bit gross in a couple ways: prompts, and changes. Prompts are annoying, and changes are confusing and inconvenient. So we try to minimize both in general, and only do so when necessary. A good example of this where we failed utterly is mutual authentication with the browser extension — failure in the sense that we had to add prompts and a significant change to how 1Password worked with the browser mid-stream...but this was a necessary security improvement. Making this change to Dropbox integration won't improve 1Password's security, and leaving it as-is doesn't pose a risk either, so for now it will stay.

    But you're forgetting that you may have obsessive-compulsive customers who simply HATE to see "full access" in the dropbox permissions screen :).

    We try not to, just like we try not to forget about all of our customers who are equally compulsive about keeping their 1Password data in "interesting" locations in Dropbox. ;)

    And, TBH, there are security scenarios where the 1password dropbox credentials might get stolen, without the client software itself leaking data from the vault - in such a case, it would actually help if your client had restricted access to Dropbox.

    If you use Dropbox's two-factor authentication, that is much less of a concern, as they'd need your one-time password too before it expires.

    I'm not arguing that we wouldn't like to make this change at some point, only that the need isn't as dire as it's made out to be, and that it's something we'll need to consider carefully because the way this goes affects more 1Password users than just those who want it restricted.

  • virgilp
    virgilp
    Community Member

    First - thanks for taking the time to write the (long) reply, I appreciate it.

    I see you completely removed the standalone license, even from FAQs - no mention of them anywhere. So that's the real reason, with subscription DropBox is unnecessary, and people without subscription are not a priority, to say the least. I'm including the rest of my message since it was already-written, but... I guess you can just discard it now :(


    I think you misunderstood me on a few points, so I'll try to distill it:

    A. I strongly believe that you need the capability to evolve how and where the vault is stored, for the sake of your product. You will need it sooner or later. My examples may not have ben great, but I'm personally strongly convinced about this.
    Let me try one more example, maybe this one is better: say DropBox goes bankrupt, or just removes the free tier - wouldn't it be great if you can help even your least-knowledgeable and the most-quirky DropBox users migrate to another service, rather than just saying "your problem!" ? Treat this as a "migrate from Dropbox-full-access to Dropbox-restricted-access" exercise, it's as if a customer chooses to migrate the storage (from DropBox to DropBox).

    B. By "you're forgetting that [...]" I wasn't trying to be condescending, I was just showing off my poor language skills :). Let me try again: the feeling of security is sometimes almost as important as the security itself. Fine - I'll accept that I don't have definitive proof that asking for full permissions is insecure. But in return, please accept that it feels insecure - I may not be able to give you definitive proof that there is a vulnerability, but conversely you can't give me definitive proof that there is NO vulnerability (no evidence of vulnerability is not the same as evidence of invulnerability).

  • ollifi
    ollifi
    Community Member

    A bit off-topic, but standalone licenses are still available - https://agilebits.com/store

  • AGAlumB
    AGAlumB
    1Password Alumni

    @ollifi: Indeed, we don't generally recommend them for new users, but they are still available on request.

    @virgilp: And just to clarify, all AgileBits customers are our priority (and that's why I made the point about the folks who do depend on our current Dropbox setup). But that doesn't mean we're going to continue to promote licenses/local vaults to new users just because long-time folks like us have them. We're not the ones who need to navigate all of this, after all; only folks just starting out do, and the last year (with both being offered readily) has been really confusing and frustrating for a lot people.

    I didn't feel that your comments were condescending (or poorly phrased) at all. On the contrary, I thought you presented your position well, even if we disagree on some points. But for the most part, I agree with you that full access isn't desirable from a philosophical perspective; and hindsight being 20/20, if we had it to do over again (and if it were possible) we'd have almost certainly gone with your preferred approach.

    But when it comes down to it, I think I may have made my main point poorly: Even in the event of some future hypothetical vulnerability, 1Password having full access to Dropbox doesn't present a security risk to your 1Password data; only other apps having full Dropbox access would present a risk in that scenario. I think you're right in principle that having it limited is better, but in practice there are a lot of reasons why it isn't a risk, and why it isn't something we can change right now anyway.

  • virgilp
    virgilp
    Community Member

    Even in the event of some future hypothetical vulnerability, 1Password having full access to Dropbox doesn't present a security risk to your 1Password data;

    Oh, that's not what I worry; but that due to a future hypothetical vulnerability, 1Password may leak my other DropBox documents (some of them, sensitive) to an attacker. I agree that the larger risk is "1Password leaks all my passwords", but presuming that you do have defense-in-depth, it's still plausible that one of the apps is partially compromised, doesn't leak the passwords themselves, but leaks access rights to DropBox.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @virgilp: I haven't seen any research that this is even theoretically possible, but if something like that we're to be be found we'll be on top of it. We follow security research closely, and have contacts at Dropbox and others as well. But the important thing to remember is that your 1Password data is encrypted with your Master Password. So while those scenarios would be concerning for all of us, you're still protected. Encryption is just math, and there are so many people with a vested interest in finding ways to break it (both as a defensive measure and for malicious purposes) over decades that the normal thing I'd say, "It's just a matter of time", ends up sounding a bit foolish in this context. :)

  • bogidon
    bogidon
    Community Member

    In your hypothetical scenario, 1Password's code is compromised by a malicious party to access all of the other files in your Dropbox folder. I would think, in this scenario, that having it compromised to access your data in 1Password itself when you use it would be greater (or at least equal) concern. And at that point, full access to Dropbox is pretty irrelevant, since you've almost certainly got more sensitive things in your 1Password vault than you have stored in plaintext in Dropbox.

    I just thought I would point out that this assumption may not be as reliable as proclaimed. This is one such example: new users. If like myself you've accumulated gigabytes of personal information in Dropbox over the years, the data I will import into 1Password during the time I evaluate your software will be nowhere as important to me as that which I already have in my Dropbox. (I personally keep very sensitive information encrypted, but not other information I still wouldn't like accessed, like pictures)

    For the users who decide against investing in 1Password or those who leave the platform, do you deactivate Dropbox access after their membership lapses? Or could a successful attacker gain access to the accounts of those who are no longer active customers?

    I for one am quite uncomfortable with 1Password requesting full Dropbox access because I value the contents of my Dropbox more than those of my 1Password. I'm also a little surprised that you're making this assumption about your users.

  • AGAlumB
    AGAlumB
    1Password Alumni

    If like myself you've accumulated gigabytes of personal information in Dropbox over the years, the data I will import into 1Password during the time I evaluate your software will be nowhere as important to me as that which I already have in my Dropbox.

    @bogidon: You're absolutely right. I think it's important to recognize that most people using 1Password and Dropbox will keep their most sensitive stuff encrypted in their vault, but this won't always be the case.

    For the users who decide against investing in 1Password or those who leave the platform, do you deactivate Dropbox access after their membership lapses? Or could a successful attacker gain access to the accounts of those who are no longer active customers?

    I'm not sure I follow. AgileBits doesn't have the power to activate or deactivate Dropbox access. Only the user does, through their account:

    https://www.dropbox.com/account/security

    I for one am quite uncomfortable with 1Password requesting full Dropbox access because I value the contents of my Dropbox more than those of my 1Password. I'm also a little surprised that you're making this assumption about your users.

    While you're right that it isn't universal truth, I think it's a reasonable assumption to make in the vast majority of cases: People who use 1Password typically use it to secure important, sensitive data. Otherwise they wouldn't need 1Password in the first place.

    Anyway, I think we're getting way off track here. Keep in mind that if you're using Dropbox (with or without 1Password) on any computers, any app will have access to your Dropbox data anyway through the filesystem. 1Password isn't asking for permission there, and nothing else will either. It's open season. So all of this really only applies in situations where 1Password/Dropbox is being used exclusively on mobile devices.

  • lifeofguenter
    lifeofguenter
    Community Member

    Keep in mind that if you're using Dropbox (with or without 1Password) on any computers, any app will have access to your Dropbox data anyway through the filesystem

    Maybe thats the case, and maybe 1password could lead the industry by avoiding this, or maybe it should just not improve its security.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @lifeofguenter: Given that it wasn't too long ago that many people couldn't access their vaults even in the Apps folder in Dropbox without moving it out, I don't think that's a good idea at all. And again, so long as Dropbox integrates with the filesystem directly on computers there's no security benefit for 1Password users having its data restricted to that location, as any desktop app can read and write there.

  • Kentzo
    Kentzo
    Community Member

    Thumbs up for the idea of limiting 1P access to a single folder in Dropbox.

  • AGAlumB
    AGAlumB
    1Password Alumni

    We don't currently have plans to change the way 1Password syncs with Dropbox, but it's good to know this is something you'd want if we revisit this in the future. :)

This discussion has been closed.