
1Password Security Assistance

bobi44
Community Member

Hi there,

I am looking to purchase 1Password for a company; however, I have run into the question of whether to choose 1Password over iCloud Keychain. Mostly all devices are Apple devices. There is concern about password syncing. Both 1Password and Keychain offer syncing options. I've read in other forum posts here that 1Password does not take any user information, thus it would not be able to leak users' passwords b/c 1Password does not store this data. However, if this is the case, then how does syncing occur, whether with many different Apple devices or with other cross-platform devices? At the end of the day, if syncing occurs, doesn't user password information get stored on your server / some other server, and thus susceptible to a breach of security?

Thanks for any assistance :)



Comments

  • AGAlumB
    1Password Alumni

    @bobi44: It's a great question! In fact, it's sort of the only question that matters at the heart of 1Password — even if we weren't living in a world with what seems like weekly security breaches at major companies. So, first and foremost, even when you do store your 1Password data "in the cloud", it's encrypted so that even a server breach does not reveal anything.

    The great thing about syncing data is that what goes in is what comes out at the other end, so that works nicely with encryption. Encrypted data is useless to anyone without the "keys" to decrypt it, so this not only works when you have 1Password store things for you on your device(s), but in transit as well: if someone captures it, whether by stealing your phone or sniffing your internet traffic, they can't access it.

    Similarly, since the "keys" (in the case of 1Password.com, your Master Password and Secret Key) can decrypt the data, that works both on the originating device and any other that receives it: it transforms the "random noise" of encrypted data into your username and passwords, etc.

    Now, getting back to the heart of the question: why not use iCloud Keychain? Well, I do. And I think a lot of other 1Password users do as well. But for different things. iCloud Keychain has its uses: syncing Wi-Fi credentials between devices, for one. But while I personally trust Apple and their security model, not everyone does, as there is a lack of control for us as users.

    Though iCloud is convenient and secure, I do prefer 1Password overall because I have a lot more control over things: it's cross platform (I can't access iCloud Keychain on my PC and Android devices), I can choose a Master Password that's different than my iCloud account, I can access it outside of iCloud (so that's one less barrier, and I can use a stronger Master Password than if I had to remember both), and if I ever need to, I can easily export my data (getting things out of iCloud is a bit of a mess). So while I generally recommend disabling iCloud Keychain's login and credit card filling features (I also prefer having more control over when and where this is filled), using iCloud Keychain alongside 1Password, each for the things they're good at, isn't a bad thing at all.

    I hope this helps. Be sure to let me know if you have any other questions! :)

  • bobi44
    Community Member

    Thank you, @brenty. Your answer was extremely helpful. So in short, both 1Password and iCloud Keychain offer syncing services via the "cloud", but encryption is done on the local devices with each. One of the main differences, though, between the two services is 1Password's customizability, ability to easily download passwords, etc.

  • Correct. :)

    Ben
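
Added example (not from the thread and not 1Password's own code): the flow the answer above describes, where an item is encrypted on the device and only ciphertext reaches the sync server. The key derivation (PBKDF2 plus an HMAC mix-in of the secret key), the function names and the sample values are assumptions for illustration, not 1Password's actual scheme.

```javascript
const nodeCrypto = require("node:crypto");

// Hypothetical derivation: stretch the password with PBKDF2, then mix in the
// device-held secret key with HMAC, so both secrets are needed for the vault key.
function deriveVaultKey(masterPassword, secretKey, salt) {
  const stretched = nodeCrypto.pbkdf2Sync(masterPassword, salt, 100000, 32, "sha256");
  return nodeCrypto.createHmac("sha256", secretKey).update(stretched).digest();
}

// Runs on the originating device. Only the returned blob is uploaded.
function encryptForSync(item, masterPassword, secretKey) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveVaultKey(masterPassword, secretKey, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(item), "utf8"), cipher.final()]);
  return {
    salt: salt.toString("base64"),
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ct: ct.toString("base64"),
  };
}

// Runs on the receiving device. Throws if either secret is wrong or the blob was altered.
function decryptFromSync(blob, masterPassword, secretKey) {
  const key = deriveVaultKey(masterPassword, secretKey, Buffer.from(blob.salt, "base64"));
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(blob.iv, "base64"));
  decipher.setAuthTag(Buffer.from(blob.tag, "base64"));
  const pt = Buffer.concat([decipher.update(Buffer.from(blob.ct, "base64")), decipher.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// True only when the supplied secrets open the blob; GCM authentication fails otherwise.
function opensWith(blob, masterPassword, secretKey) {
  try { decryptFromSync(blob, masterPassword, secretKey); return true; }
  catch { return false; }
}

// Constructed sample values.
const sampleItem = { site: "example.com", username: "alice", password: "constructed-sample" };
const sampleBlob = encryptForSync(sampleItem, "correct horse battery staple", "CONSTRUCTED-SECRET-KEY");
const serverCopy = JSON.stringify(sampleBlob); // the only thing the sync server ever holds
console.log("server copy contains the password:", serverCopy.includes(sampleItem.password));
console.log("second device recovers:", decryptFromSync(JSON.parse(serverCopy),
  "correct horse battery staple", "CONSTRUCTED-SECRET-KEY"));
```

The server copy carries the salt, nonce, tag and ciphertext, none of which are secret; a breach of that store yields nothing readable without both the password and the secret key.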

This discussion has been closed.