You won, I gave in

2»

Comments

  • Another question I just thought about. When I 1st got 1Password, my master password was on the weaker side. I read on here that I can re-encrypt my whole vault with the new password. I think it was something along the lines that if I just changed my master password, my old master password was still in the encryption or something. Is this still an issues with 1Password Families? Can I now change my master password as I please and not worry about my old password being in the encryption still?

    Talked about here:
    https://discussions.agilebits.com/discussion/18646/how-to-re-encrypt-everything-increasing-security
    And here:
    https://discussions.agilebits.com/discussion/27885/changing-the-master-password-and-re-encrypting-the-database-resolved

  • brentybrenty

    Team Member

    @prime: Ohhh that's a fantastic question! It's a little less relevant with 1Password.com, but you're on the right track.

    With local vaults, your data isn't encrypted directly by your Master Password. Instead, the data is encrypted with a set of keys that are generated at time of vault creation, and then your Master Password encrypts those keys. So changing the Master Password doesn't re-encrypt all of the data in the vault, only the keys used to encrypt it. This is why it's so fast to change it, and why you don't have to re-sync everything again afterward.

    With 1Password.com, it's fundamentally similar, except that the keys are never encrypted only with the Master Password; they're also encrypted with the Account Key. So while changing the Master Password doesn't re-encrypt everything, the 128-bit Account Key is also needed to decrypt it. Therefore, unless both are known, it doesn't make a difference. For example, if someone knows my Master Password, changing it alone is sufficient since they didn't know my Account Key, which was also used to encrypt. Just one more reason to love the Account Key, eh? :love:

    Also, it's important not to think of the Master Password as being in the encryption, because it isn't stored anywhere; rather, it's used to transform the data, and thus to reverse the process. It sounds like splitting hairs, but it's an important distinction, since it means that access to your data doesn't also include access to your Master Password, even in obfuscated form.

    Maybe it helps to think of a famous(?) example: Jon Lech "DVD Jon" Johansen, who reverse engineered the DVD encryption scheme. How? Because in order for a DVD to be decrypted for playback, the keys must be provided. And since the user couldn't reasonably expected to enter a passcode each time they want to watch a movie, the encryption keys are included in every DVD player sold. So Johansen found a way to extract them, and the rest is history. This is why our Master Passwords are not stored with our vaults. ;)

    Anyway, that's a bit off track, but I hope it helps put this into context. :)

  • primeprime
    edited March 2017

    Thanks! So it's much easier to change and not have to worry due to the account key.

  • brentybrenty

    Team Member

    Totally! :)

  • primeprime
    edited March 2017

    So @brenty I watched Snowden yesterday.... should I be worried about having my data on someone's servers? Lol

  • brentybrenty

    Team Member

    @prime: Great documentary! I think you already know the answer by now, but since you asked, I'll just reiterate that all 1Password.com has is your encrypted data, not the keys needed to decrypt it. :sunglasses:

  • @brenty It was a great documentary! It was on sale for $4.99 on iTunes and I figured, what the heck, I'll get it. I didn't realize how much I would enjoy it!

    So I think it will be officially we are keeping 1Password for Families. I've been doing a lot of reading, still not done, but enough that this is safe. I spent a lot of my day off yesterday looking up stuff, and so far, so good. The bounty is also a selling point too, not many people can do that.

    Today we're going to transfer my wife's work 1Password over to it. Since we have 10 users, we're treating it like a separate "family" member. I like to keep work and personal separate. So I get to play with 1Password 6 for Windows, so I'll probably be swearing some since it's Windows hahaha.

    The only thing I wish is each family meneber can have a "personal vault #2" of their own, so maybe that will come in the future.

  • brentybrenty

    Team Member

    @brenty It was a great documentary! It was on sale for $4.99 on iTunes and I figured, what the heck, I'll get it. I didn't realize how much I would enjoy it!

    @prime: Yknow, when you said that I immediately went to the iTunes store to see if it was still on sale...and quickly realized that I haven't seen that movie. I was thinking of the documentary "Citizenfour". Definitely check that out if you haven't already. Picked up "Snowden" though and I'll be watching that as soon as I have time. Not on sale anymore, but I'm sure I'll enjoy it. Thanks! :)

    So I think it will be officially we are keeping 1Password for Families. I've been doing a lot of reading, still not done, but enough that this is safe. I spent a lot of my day off yesterday looking up stuff, and so far, so good. The bounty is also a selling point too, not many people can do that.

    Great! And yeah, we're pretty excited about the bounty too. It sounds scary in some ways, but it means that we can get even more of the best security professionals into an incentive to help us find anything we can improve in our systems to make 1Password even stronger. :sunglasses:

    Today we're going to transfer my wife's work 1Password over to it. Since we have 10 users, we're treating it like a separate "family" member. I like to keep work and personal separate. So I get to play with 1Password 6 for Windows, so I'll probably be swearing some since it's Windows hahaha.

    Hey, that's not a bad idea: using an extra family member slot for a separate account for your work stuff. I hear you about Windows. I really love tinkering and it's great for that, but while Windows 10 is an improvement in many ways, it still finds ways to get in the way of itself. Or at least Microsoft does. I do wish that I could dual boot macOS on my Surface though. Good to hear that your wife is taking the plunge too, and of course we're here if either of you need a hand — or just a shoulder to cry on when something Windowsy happens. :lol:

    The only thing I wish is each family meneber can have a "personal vault #2" of their own, so maybe that will come in the future.

    You can always create a new vault and have it "shared" only with a single member. I'm not sure that's what you're after, but it might help depending on your use. Cheers! :)

  • primeprime
    edited March 2017

    But I found out my daughter actually keeps a vault for her stuff then one for her school stuff. I was actually surprised she did this on her own. She's not an Admin, so she can't even make her own and share it with only herself. I did tell her about the tags for now.

  • primeprime
    edited March 2017

    @brenty I thought I could share a vault and only sold people as a read only? I only see manage vault and the other option where a person can add, edit, and delete. What's the difference?

    Edit: I figured it out!
    So what does this all mean?

  • brentybrenty

    Team Member

    But I found out my daughter actually keeps a vault for her stuff then one for her school stuff. I was actually surprised she did this on her own. She's not an Admin, so she can't even make her own and share it with only herself. I did tell her about the tags for now.

    @prime: Ha! Nice! She's already a pro! :sunglasses:

    @brenty I thought I could share a vault and only sold people as a read only? I only see manage vault and the other option where a person can add, edit, and delete. What's the difference?
    Edit: I figured it out! So what does this all mean?

    It sounds like you may be all set, but I just wanted to clarify for you and anyone else it might benefit. With 1Password Families, you have effectively two options and can choose any combination of these:

    • Allow Editing — enabled or disabled
    • Manage Vault* — enabled or disabled

    *This shows up under "Custom Access", since other 1Password.com plans support this and additional options.

    So for example, in your screenshot, that person has permission to view and manage the vault (for example, sharing it with others), but not make changes to its contents.

    I hope this helps. Be sure to let me know if you have any other questions! :)

  • primeprime
    edited March 2017

    @brenty

    *This shows up under "Custom Access", since other 1Password.com plans support this and additional options.

    So what does "access was set under a different account plan" mean?

  • @brenty this is a question and not sure how to ask it. When 1Password was on the Mac App Store before how it is now, it was $65 for it, and now it is free with IAP. My daughter has the 1Password from the MaC App Store when there was a charge to purchase it (non IAP). Since we are on 1Password for Families, should I switch her to the version that now has an IAP, or will her version still got updated? Because it almost like it's 2 different versions. I hope I explained this right.

  • brentybrenty

    Team Member
    edited March 2017

    So what does "access was set under a different account plan" mean?

    @prime: Huh. I hadn't noticed that. I'll have one of the web devs take a look. I'm guessing that this is a UI glitch from enabling only some of the permissions that 1Password Teams accounts use in 1Password Families, but we'll check and get back to you on that.

    @brenty this is a question and not sure how to ask it. When 1Password was on the Mac App Store before how it is now, it was $65 for it, and now it is free with IAP. My daughter has the 1Password from the MaC App Store when there was a charge to purchase it (non IAP). Since we are on 1Password for Families, should I switch her to the version that now has an IAP, or will her version still got updated? Because it almost like it's 2 different versions. I hope I explained this right.

    You did a fantastic job. Mind if I borrow part of that? :lol:

    But in all seriousness, it's the same app, only with slightly different purchase options. Since any App Store purchase is tied to the Apple ID, the App Store just validates it when downloaded. So there's no need to make any change. Only the App Store is handling new purchases differently. The app itself remains the same and she'll continue to get updates without reinstalling. :)

    ref: b5-2315, b5-2436

  • @brenty be my guest :)
    And thanks doe looking into that for me

  • brentybrenty

    Team Member

    :):+1:

This discussion has been closed.