Is an "Attachment" to a login/password item secure?

I am keeping all my Credit Bureau freeze passwords and login info in 1password. Equifax and Experian are 1password passwords items and Transunion are 1password login items. To each of these files, I have attached the PDF that contains my PIN number. I keep a paper copy of each in my safe.

Question 1. Can I delete the PDFs in my Mac's Documents folder now that 1Password has its own copy?
Question 2. Is 1Password's copy of my file encrypted and secure? if not, is there a way to add a "Secure Note" to a login or a password item?

1Password Version: 6.8.2
Extension Version: Not Provided
OS Version: 10.11.6
Sync Type: Dropbox


  • LarsLars Junior Member

    Team Member

    Hi @paulbartell -- first of all, kudos to you for taking this recent credit bureau breach seriously and taking steps to keep your personal data secure! To answer your questions, it's never a great idea to have only one copy of ANY of your data. There are too many ways in which things can go wrong, from data corruption to water damage to theft to...well, you get the idea. That's why computer gurus preach the gospel of backups.

    However, the steps you've already taken seem prudent to me. To answer your question about security, yes -- all attachments in 1Password are fully encrypted, just as your login/credit card items you enter are. I would say, if you have paper copies in a safe, you're probably fine to delete the PDFs remaining on your hard drive outside of 1Password. It's not really our place here to tell you how many copies of important data to keep around, but your attachments are definitely encrypted within 1Password. Thanks for the question! :)

  • Thanks Lars I appreciate you straightening me out on that.

    As an aside I thought I'd send you the info on placing a freeze on credit. Agilebits subscribers might find this handy.

    You have the right/ability to freeze your own credit. “Freeze” in credit bureau terms means that your credit information is not so readily available. Philosphically the credit bureaus are built on this model that makes your credit information readily available_(without your express permission)_ so that when you sign up for new credit cards or buy cars or houses its right there for the companies to use, all very convenient. But totally stupid if you’re not in the habit of borrowing money and applying for credit every few weeks. BTW Lifelock did not detect that Equifax was a problem. Basically you go into their web sites, register for the freeze and then they give you a PIN. You use the PIN later on to unlock your credit info when you know you have a good reason to unlock it… like when you finance a new car… once that’s done you freeze it up again.

    1Password, of course is perfect for saving all this sensitive stuff. I save password items for Equifax and Experian and I save login items for TransUnion, I do a set of 3 for each adult family member, even our 97-year-old Grandma. To each 1Password Item, I attach the original file that includes the PIN as issued to me by the company. For convenience I make a separate field in the 1Password items that's called PIN. Paper backups in one's safe/safety deposit box are a really good idea.

    There are three major credit bureaus Equifax, Experion and TransUnion. If you’re a victim of ID Theft and can prove it they will all allow you to freeze for free, if you're over 65 its free. It takes about 10 minutes to do all of the following.

    EQUIFAX (Currently Equifax is recommending that you freeze your credit, uh duhhhh) no login required, $10 or less, save the PIN in a safe place.

    EXPERIAN no login required, $10 or less, save the PIN in a safe place.

    TRANSUNION you have to login so you’ll need to register, do the freeze and then save the PIN

  • LarsLars Junior Member

    Team Member

    @paulbartell -- thanks so much for thinking of other 1Password users. This is part of what makes the 1Password user community awesome, truly! :)

    We actually did a brace of posts on our blog on the Equifax issue. The first one was much like what you elaborate on here, while the second was a deeper dive/think piece from our own Chief Defender Against the Dark Arts, Jeffrey Goldberg. You might enjoy both of those, so thought I'd link them here. Thanks again for posting. :)

  • Problem with login on experian. I was in the process of doing a temporary lift on my credit reports today and when I used the chrome extension to try to auto populate the username and password, it told me the credentials were incorrect, but when I copied and pasted both from the file in my 1password, it worked. Am I doing something wrong or is there an issue with chrome or experian or something else?

  • brentybrenty

    Team Member

    @Steinie: Can you be more specific? Without knowing the OS, 1Password, browser, and extension versions along with the URL it's impossible to say what the problem might be. It may be that their signup form allowed a length that the login page does not, and that's what you saved in 1Password.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file