Still hesitant to put “family jewels” (ie all my passwords) in the cloud with 1P Family

I understand the benefits of 1P Family, but what that means is that I have to trust AgileBits to manage your servers in a perfectly secure way. Indeed, if you contract out cloud services I have to trust an unknown entity to do this. Given the lousy track record of corporate America in cyber security, and the increasing capabilities of the bad guys (both individual and governmental), I have little faith that putting the family jewels in the cloud is a good idea.

Can you explain why I should not be concerned?


1Password Version: 6.8.8
Extension Version: ?
OS Version: macOS 10.12.6
Sync Type: Wifi

Comments

  • AdamPAdamP
    edited April 2018

    You're never wrong to be concerned about where your sensitive data resides. It is certainly something you should weigh carefully.

    For my money's worth though (literally, since I am a Families subscriber), 1Password has a very sound design and philosophy that should give you peace of mind.

    Since your data is protected by your Master Password and your Secret Key, neither of which AgileBits knows (or wants to know), your data (and metadata) all remains private, and it's encrypted end-to-end.

    They have a bunch of articles on the support site that cover this in more detail. This one is a good primer, this one is even more detailed, and if you really want to get into the nitty gritty, you should take a look at their white paper.

  • brentybrenty

    Team Member

    @marklme: Agreed on all points. You should be concerned. It's just up to us to not only have a way to protect you, but also make it usable and understandable.

    It sounds like security is your chief concern (as it should be), and frankly it's ours as well. Otherwise we wouldn't use 1Password.com either! There's a lot more detail in our security white paper (which is actually a really fun read, even if you're not into cryptography), but I'd like to offer a few points that summarize how 1Password secures our data:

    1. Your 1Password data is encrypted locally on your device before it is transmitted.
    2. The server receives only an encrypted blob.
    3. Your Master Password is never transmitted.

    You might think I'm talking about 1Password.com specifically there, but that's the case no matter what 1Password setup you use — the only difference being that 1Password.com data is also encrypted using the 128-bit randomly generated Secret Key, which is also never transmitted to us. So there's an additional layer of security there as well.

    Indeed, when you use 1Password, AgileBits never has access to your data, regardless of the setup you choose. Even with 1Password.com, your data is encrypted on your device, so all the server ever ends up with is an encrypted blob. And since the Secret Key is created locally, your Master Password is only known by you, and neither is ever transmitted to us, only you have the means to decrypt the data.

    Suffice to say, if someone gains access to our servers and dumps the full database (we've designed 1Password.com with this in mind), they simply don't have what they need to decrypt it, as each individual user alone has the keys to their data. So an attacker won't have that and can't get it from AgileBits, even if they get everything else. So while there's a lot more that goes into making all of this work smoothly, this is something that I think all of us can appreciate.

    And, apart from our own efforts, we participate in external audits and cooperate with independent security researchers to find any flaws so we can fix them.

    But, again, ultimately our best defense against the kinds of security issues you referenced is that we simply don't have what an attacker — whether a hacker or government agency — would need in order to access our customers' data. That helps us sleep at night, and hopefully it will do the same for you. So we're proud to say that we don't have the ability to compromise 1Password users' data in the first place. Otherwise we wouldn't use 1Password ourselves. I hope this helps. Be sure to let me know if you have any other questions! :)

  • AdamP, brenty,

    I appreciate your efforts to explain to me how my "family jewels" will remain safe if I open a 1Password Family account. I have a better sense that ALL of my data is encrypted in your db and is transmitted/received encrypted by my masterPW/secret key combination. All encryption/decryption is done on my device.

    Please let me know if my understanding of a typical interaction with a web login using 1P Family is correct:

    1. I log into 1P.com and enter my credentials. Question: Are the credentials sent encrypted using my master PW and secret key or just normal HTTPS protocols?
    2. I open a 2nd browser window to the real web target's login page.
    3. Using 1P, I fill in the target webpage credentials. The data comes to my device encrypted and is decrypted on my device.
    4. Login credentials are sent to target website using their standard HTTPS security protocols.

    Last question - can I use a VPN along with 1PW family?

  • AdamPAdamP
    edited April 2018

    Hi again @marklme. i'll take a stab at this again, and I know @brenty or someone else on the 1Password team will jump in and correct anything I got wrong, and/or add in some tidbits I've overlooked.

    Are the credentials sent encrypted using my master PW and secret key or just normal HTTPS protocols?

    I think the answer to your question here is that yes, it does use HTTPS protocol (TLS/SSL), but it isn't just that. There is another layer of security called Secure Remote Password (SRP) that 1Password uses to authenticate the transmissions back and forth. SRP works very cleverly without compromising your data or your Master Password in the process. There's a couple of blog posts that might interest you that I've linked to here (the first is a broad overview, and the second is aimed at developers, but has a lot more detail about the entire process). These mention Teams, but the process is the same for Families accounts.

    How 1Password for Teams protects your secrets

    How we use SRP, and you can too

    As far as the steps in the interaction goes, it seems like your scenario above operates entirely within the browser. In that case, you'd have to copy/paste between windows/tabs for each login. That said, you could launch the login in a separate window by opening a hyperlink for the site that would normally be in the login item in 1Password. This is probably a safer method actually, since it avoids typos that could possibly lead to a phishing site or the like.

    Of course, if you get the 1Password membership, you also get the apps included on as many devices as you want, and these, at least in my opinion, are much better than using the website for anything other than administration of your account. And not to belabour the point, but if you wanted to live somewhere in between, and you're using Chrome, you can use 1Password X, which is an extension that operates as a full-featured app from within the browser itself, so you'd get many of the same features as an installed app without the app itself installed on your computer.

    But the flow of it all looks correct to me. All the encryption/decryption happens locally. When you are logging into another website, you are at the mercy of their security, but they would only ever have any data that you pasted to that page.

    can I use a VPN along with 1PW family?

    As far as I know, VPN should not impact your ability to use 1Password in any way, as long as it doesn't restrict the traffic to the 1Password servers.

  • BenBen AWS Team

    Team Member

    All data is encrypted prior to transmission. We do not rely on the encryption of the communication channel (HTTPS/TLS) to protect your data (though that is also used). Our “umbrella bear” blog post explains this in further detail:

    Three layers of encryption keeps you safe when SSL/TLS fails - AgileBits Blog

    Last question - can I use a VPN along with 1PW family?

    I can’t guarantee compatibility with any particular client or service, but in general there is nothing about the 1Password service that should make it impossible to use a VPN. I personally routinely use the Encrypt.me VPN service. It is debatible whether there is any benefit to doing so for 1Password specifically, but some consider it good information security hygeine in general, and especially while connected to an untrusted network.

    I hope that helps!

    Ben

    P.S. Thanks for the assist, @AdamP. :)

  • Happy to help, @Ben. :)

  • BenBen AWS Team

    Team Member

    :+1:

    Ben

  • OK, before I decide whether to "pull the trigger" and go with 1P Family I have a few more questions I hope someone can answer. Either answer here please or point me in the right direction to read an answer:

    1. What is the process for "importing" a standalone vault into 1P Family?
    2. What happens to my standalone vault after implementing 1P Family?
    3. I've had 1P standalone for several years. What is the "free trial" period for 1P Family?
    4. If, during the free trial period or after, I decide to revert to my standalone vault, can I do that? Can I "delete" the 1P Family account (and all associated data on your servers - both live and backups - and return to using my standalone vault as I do now?
    5. If I add or change data in a 1P family vault, are those changes replicated to a standalone vault?
    6. Do all members of a "Family" accessing a shared vault use the same master password or does each member have their own (unshared) password to access the shared vault?
    7. Scenario: Using either Chrome or Safari on a Mac laptop running Sierra, I wish to log into a website whose login credentials are stored in a 1P family vault (either shared or private). What is the most streamlined process for logging into the desired website?
    8. Same scenario as in question 7, but now on and IOS 11 device?

    Thank you for helping me evaluate whether 1P Family is right for me.

  • BenBen AWS Team

    Team Member

    Hi @marklme,

    Sure; I’d be happy to answer these.

    1. Move your existing 1Password data to a 1Password account
    2. The last step in the guide above is to delete your standalone vault
    3. 30 days
    4. Yes: How to move your data to a standalone vault to use 1Password without an account
    5. No
    6. The service is designed for each member to have their own account: Share passwords in 1Password Families
    7. This doesn’t work any differently than it does with your current setup
    8. See #7

    :)

    I hope that helps!

    Ben

  • I had the same questions, this post has helped tremendously, thank you to @marklme for starting it.

    I have one further question that I cannot see the answer to anywhere and that is about Family Sharing. Can I choose who to share with within the family and can I easily amend. My use case is:

    There are 4 in a family and we have some passwords or data that should be shared amongst all four, this is fine.

    Assuming I am 'admin'.

    Can I also share with any two or any three people rather then just the four in the family?

    If the answer to the above is yes, can anyone initiate a share? For example could I initiate a share of a password with my my wife but can my wife or children initiate a share of their own with each other without my intervention?

    Thank you for your help.

  • Hi @iwaddo,

    Sharing items is in 1Password is done via vaults. To make an analogy, imagine that what 1Password for Families gives you is not one single safe (vault) to keep your stuff in, but a room with as many of them as you want. You also have the tools to share some or all of them with each member of your family.

    "Out of the box", 1Password Families comes set up with:

    • a Private vault for each family member. Each person can view and edit items in their own Private vault.
    • a Shared vault for all family members to share. Everyone in your family can view and edit items in this vault.

    While the permissions for these vaults can't be altered by anyone, you can create other vaults to share with specific family members.

    Only a Family Organizer (basically admin for 1Password Families) can create vaults. You or whoever else you also designate as a Family Organizer (e.g. your wife) would have to create any extra vaults. As a Family Organizer, you can also grant access and permissions to all vaults (with the exception of the Private and Shared vaults).

    By default, any family member added to a vault would be able to view and edit items in that vault. This would mean that they could also create and delete items, and move or copy items to and from other vaults they have access to. While someone who hasn't been promoted to Family Organizer can't create a vault, they can share items with others by adding items to a vault that they and someone else can access. The sharing of items this way can be done without any further intervention on the part of a Family Organizer.

    I hope this helps,

    Adam
    (A satisfied 1Password for Families customer :) )

  • BenBen AWS Team

    Team Member

    Just to clarify what Adam said: while no one ever has access to anyone else’s Private vault it is possible to modify (or remove) the default Shared vault. If you do not want a family-wide shared vault that everyone has read & write access to, you can change that. Additional vaults can be created and shared with whichever family members you choose, as Adam pointed out.

    Also we highly recommend having at least two family organizers if possible / practical.

    I hope that helps!

    Ben

  • Sorry, I didn't realize that detail about the default Shared vault. I was under the impression that this one was immutable like the Private vault. My bad.

  • BenBen AWS Team

    Team Member

    No worries. I do this for a living and still manage to learn something new every day. :)

    Ben

  • :) Fair enough.

  • BenBen AWS Team

    Team Member

    :+1:

    Ben

  • @marklme Hi, just curious, did you sign up?

  • brentybrenty

    Team Member

    I'm curious too, but I guess we'll have to wait and see if they want to post an update. :)

  • Thought I should update everyone. I'm still on the fence and have not taken any action. Despite all the information provided about the underlying encryption and security steps 1PW takes (thanks to all), I can't overcome my concerns that the bad guys often seem to be 1 step ahead. Just recently the "VPNFilter" router malware has the FBI very concerned, and while I have done all the FBI has asked in this regard, it's a perfect illustration why internet communications are vulnerable in many ways (specifically, man-in-the-middle attack). No, I'm not blaming the good folks at 1PW for the VPNFilter issue - just using it as a digital lesson that despite 1PW's best efforts, they can be subverted by technologies and issues totally beyond its domain. Who knows, maybe we've all been hacked and we don't even know it.

    Right now I'm leaning to just buying another standalone license for my wife's computer. In my darkest moods I almost believe we should all become digital hermits. ;)

  • brentybrenty

    Team Member

    @marklme: You're in good company, as we share those same concerns. Fortunately we don't have to become hermits, as there's a better way. With appropriate security measures in place, we can both remain a part of society. ;)

    One of the lessons we've seen learned the hard way time and time again over the years is that security is not absolute. A lot of times it seems like folks responsible for security just put a defense in place and call it done, but security is very much an ongoing process. They're depending on that security measure not failing due to new technologies, bugs, or human error. This reminds me of my experience with data loss. I had to learn the hard way that offsite backups are crucial, as failure can happen at any time. So I paid the price for having a single point of failure.

    But with 1Password.com, we've got a number of security measures in place, and are constantly monitoring, testing, and working to improve things in any way we can. For starters, 1Password.com doesn't rely on SSL/TLS for its security when data is being transmitted: it's encrypted locally on the user's device with "keys" that we never have, encrypted in transit by 1Password itself, and on top of all that SSL/TLS is used. So if that last part fails, the integrity of the secure channel is still protected. And of course only that encrypted data (which was generated locally in the client) is stored on the server, so that an attacker who steals it from us won't have the means to decrypt it; we don't have the "keys" for them to steal. So while person-in-the-middle attacks are generally something to be worried about since most services depend solely on SSL/TLS for secure communication (most often, the actual passwords or hashes of them are being sent; 1Password.com uses SRP so that account credentials are never transmitted), 1Password.com doesn't rely on that. It's just "icing on the crypto cake", so to speak. So, with 1Password.com, we sorta can have our cake and eat it too: security and convenience. :yum:

    Anyway, I hope that helps to make some of what makes 1Password different from other cases out there clearer. Be sure to let me know if you have any questions at all. :)

  • @brenty Very interesting to read the update from @marklme and your response. Whilst safe is clearly better than sorry, I have taken the plunge and started an account trial, so having made a start and overcome my initial security fear it is functional issues that will probably force me back to local vaults syncing with iCloud for my private vault and dropbox for family shared vaults.

    I've had a number of teething issues which are being addressed but my main concern is the way documents have been handled but there is plenty of discussion elsewhere so I will not start again here.

  • brentybrenty

    Team Member

    Very interesting to read the update from @marklme and your response.

    @iwaddo: I hope "interesting" in a good way! :lol:

    Whilst safe is clearly better than sorry, I have taken the plunge and started an account trial, so having made a start and overcome my initial security fear it is functional issues that will probably force me back to local vaults syncing with iCloud for my private vault and dropbox for family shared vaults.

    I'm a long-time Dropbox (and iCloud) user myself, so be sure to let me know if you have any questions coming from that.

    I've had a number of teething issues which are being addressed but my main concern is the way documents have been handled but there is plenty of discussion elsewhere so I will not start again here.

    If you do have questions, comments, or suggestions about Documents or anything else while you're evaluating 1Password.com, I'll be happy to to receive them — and I can split your posts off into a separate discussion if needed as well. :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file