Opting out of iCloud backup in Settings.app

no_clouds_please
Community Member
edited February 2014 in iOS

My philosophy (shared by many now) is that if you can remember your password, that password is not strong enough to protect you on the web.

The most important password in the 1Password system is the user's 1Password master password, which the user has to type many times a day and has to remember. On the iPad, the added annoyance of having to shift keyboard layouts to enter non-alpha characters means that users will tend to rely on a master password consisting mainly of alpha characters.
If the master password is long enough and it is not subject to internet attack, then an adequately long password probably suffices.

The problem is two-fold:

  1. Agilebits encourages users to sync using DropBox or iCloud, which means their data theoretically could be subject to internet attack;
  2. More importantly, BY DEFAULT when 1Password for iPad/iPhone is first installed, IT DEFAULTS to backing up 1Password data to iCloud (hidden in the IOS Settings app, iCloud section), even if the only sync choice made in the 1Password app itself is to use wifi sync (and not DropBox or iCloud sync). This is a really bad choice of a default by Agilebits.

If iCloud is ever compromised (and we hear of one internet service after another being hacked each week) then a user's 1Password data file is a very rich target that is generally being protected by a password that a human can remember and can be easily typed many times per day on an iPad keyboard.

If I'm not explaining this clearly enough, I'll be glad to reiterate. If I am clear and Agilebits still thinks their choice of defaults appropriate, I have to seriously question their design judgement overall for this extremely critical program.

Comments

  • hawkmoth
    Community Member
    edited February 2014

    Have you read the AgileBits blog post about constructing safe passwords that you can remember? The basic version is here. There is a geek version in the blogs too. I've found this very helpful, and I now have a Diceware master password for my 1Password data.

  • Megan
    1Password Alumni

    Hi @no_clouds_please,

    Thanks so much for providing your thoughts here. I am so glad you are thinking strongly about the security of your data - that's what we like to see!

    I did just want to elaborate a bit on cloud security here. We are very confident about storing 1Password data in the cloud, as your data file is encrypted with an exceedingly secure encryption algorithm called AES. Even if someone were to acquire a copy of your 1Password data file, it would be extremely difficult (approaching impossible in a human lifetime) for them to actually gain access to your passwords without your Master Password. In short, we believe it is just as secure as having the data on your laptop. To learn more about cloud data security, have a read through the following article.

    http://help.agilebits.com/1Password3/cloud_storage_security.html

    And you can see the thoughts behind our data format's design here.

    http://learn.agilebits.com/1Password4/Security/keychain-design.html

    Also, you can check out our blog for many more articles that go into the nitty gritty math behind what makes 1Password so secure.

    http://blog.agilebits.com/tag/cryptography_/

    You are correct though, it does all come down to your Master Password - the best protection for your 1Password data is a strong and unique Master Password. :) The blog post that @hawkmoth mentions does a great job of explaining just why Diceware passwords are a good choice for memorable and secure passwords.

    If you have any further questions, we'd be happy to help! :)

  • khad
    1Password Alumni

    In addition to what Megan and hawkmoth have already said, please be sure to read our recent blog post about the end-to-end encryption 1Password provides. A couple important points from the post:

    1. Your 1Password data cannot be decrypted without your Master Password. If someone steals your 1Password data – whether from the theft of your own computer or through the breach of a sync service – they cannot decrypt it.
    2. 1Password uses what is called “end-to-end” encryption. 1Password on your computer or mobile device encrypts your data with keys that are derived from your Master Password. Those keys are never stored anywhere or transmitted. Nobody, not even us at AgileBits, ever sees those keys or your Master Password. This is why it is absolutely essential that you don’t forget your Master Password. We cannot reset it or reconstruct it. Your data can only be decrypted by you.
      We designed 1Password this way from the outset because we knew that computers get stolen and services get compromised. By placing all encryption and decryption under your control, we become far less reliant on the security of any sync service.

    If you have any doubts about the strength of your Master Password, the aforelinked "Toward Better Master Passwords" blog post provides our recommended method for creating strong, memorable Master Passwords. If you are interested in the math behind Diceware, we have a blog post which explains that as well.

    Of course, one of the best ways to show just how strongly your data is protected is to pit 1Password against the pre-eminent password cracking tool John the Ripper. We did exactly that. In that post you will also find a chart which outlines the mean time to crack for Diceware passwords of specific lengths. I'll include the chart here for your convenience.

    All that said, the next version of 1Password 4 for iOS includes a method for opting out of iCloud sync during the initial setup process. It is already in beta testing, but I can't give a time frame for a specific release date.

    Please let us know if you have any other questions or concerns. It is great that you are thinking about these things.

    Cheers!

  • ronen
    Community Member

    I have 1Password on my iMac + iPhone + iPad, all synced via iCloud...

    I don't use iCloud backup at all.

    Can I delete old iCloud "1 Password" Backups as I think that iCloud is only for syncing not backup?

    Thanks

  • no_clouds_please
    Community Member
    edited February 2014

    Thanks everyone for replying. The major kvetch in my post was this point, which was not addressed:

    "BY DEFAULT when 1Password for iPad/iPhone is first installed, IT DEFAULTS to backing up 1Password data to iCloud (hidden in the IOS Settings app, iCloud section), even if the only sync choice made in the 1Password app itself is to use wifi sync (and not DropBox or iCloud sync). This is a really bad choice of a default by Agilebits."

    Here's my reasoning: imagine a situation where someone has a so-so password for 1Password on their Mac that was good enough for a desktop computer in their home. They install 1Password for iPad. They use wifi sync and figure they'll up the strength of the master password in the next few days before the iPad leaves the house. They plug their iPad in for the night and Apple automagically sends their 1Password data file to iCloud for backup, because they never saw that by default installing iPad 1Password turns on data backup for 1Password, in a not so obvious setting in Settings App.

    A user should not have his data sent to iCloud backup without his awareness and consent. That's my major point and I think Agilebits should change that default. Thanks for your responses.

  • no_clouds_please
    Community Member

    I should note that the subject of this thread was changed by the admins. My major point has to do with backup to iCloud being turned on by default, not with synching via iCloud.

  • khad
    1Password Alumni

    "I should note that the subject of this thread was changed by the admins. My major point has to do with backup to iCloud being turned on by default, not with synching via iCloud."

    I changed the forum thread title so that it was easier for folks to find when searching for the same issue. The idea is to keep all the discussion for a single topic in the same thread.

    "The major kvetch in my post was this point, which was not addressed: 'BY DEFAULT when 1Password for iPad/iPhone is first installed, IT DEFAULTS to backing up 1Password data to iCloud…'"

    From my post above (further emphasis added):

    "[T]he next version of 1Password 4 for iOS includes a method for opting out of iCloud sync during the initial setup process. It is already in beta testing, but I can't give a time frame for a specific release date."

  • no_clouds_please
    Community Member

    Settings App, iCloud data backup for 1Password ON: is this integrally related to iCloud sync? I don't know, just asking! I didn't turn on iCloud sync in the 1Password App itself. I used wifi sync.

  • khad
    1Password Alumni

    As far as I know, Settings.app > iCloud > Storage & Backup > Manage Storage > Documents & Data is not something apps can opt out of themselves. Only the user has the control to exclude specific apps there.

  • Jasper
    edited February 2014

    The iCloud backup of your device is not related to 1Password's iCloud sync. I think the others here (and myself originally) misunderstood your request. You do kinda bring up a good point though. For someone cloud averse and using local wifi sync, their 1Password data may still be stored in iCloud in the form of a device backup. I've never thought of this before, and some people may unknowingly be storing their data in iCloud.

    With that said, I've never seen an app that doesn't automatically back up to iCloud, so don't think a developer can control that. Quite sure the user must opt out of it. [edit: like @khad said before me] And for most users, it's probably best that iCloud backups are enabled anyway. If someone was to wipe their device then restore from iCloud, they wouldn't be happy to find out that they lost their 1Password data because it wasn't set to back up.

    You definitely bring up a good point though, @no_clouds_please. Some users syncing with wifi may not even think that their data is in iCloud anyway. Though if you're backing up your device to iCloud in the first place, you must have some trust in it because there's lots of other personal data on your iPhone or iPad.

  • jpgoldberg
    1Password Alumni

    I do understand your concern @no_clouds_please, but I do not foresee us turning off default backups. The substantial risk of people losing access to their own data is enormously greater than the risk of an attacker cracking a decent Master Password of data captured from Apple's iCloud service.

    Let me expand a bit on the end-to-end encryption point that @khad made. The table of crack times that he posted is based on trials against the Agile Keychain format. The data format used in 1Password 4 on iOS that is backed up is much tougher, particularly because we use HMAC-SHA512 within PBKDF2 which entirely defeats a large class of GPU cracking accelerations. We won't have actual estimates of crack times until the developers of cracking software publish benchmarks, but what I hear from them informally is that we have made their task enormously more difficult.

    You can, of course, go into your phone settings and turn off the iCloud data backup and storage. But please do make sure that you are making good backups of your data through other means. "Data Availability" is an important part of data security.

    Of course we do want you to have control over your own data, so I certainly understand your disappointment (anger, perhaps?) at discovering that these backups were made without your consent, but we are balancing that out against the risks of data loss if we don't automatically back things up. So this may not be the answer you were hoping for, but I do hope you will at least understand our decision even if I'm not going to persuade you that it is the right decision.
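
Added example, not part of the thread and not AgileBits code: a Python sketch of the two ideas discussed above, deriving a key from a Master Password with PBKDF2 using HMAC-SHA512, and estimating the mean time to guess a Diceware passphrase of a given length. The iteration count and the locally measured single-core guess rate are assumptions for illustration, not 1Password's real parameters or a benchmark of cracking hardware.

```python
import hashlib
import math
import os
import time

DICEWARE_LIST_SIZE = 7776   # 6**5 words: five dice rolls select one word
ITERATIONS = 10_000         # assumed for illustration; not 1Password's actual setting


def derive_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a 64-byte key with PBKDF2 using HMAC-SHA512 as the PRF."""
    return hashlib.pbkdf2_hmac("sha512", master_password.encode("utf-8"), salt, iterations)


def diceware_entropy_bits(words: int) -> float:
    """Entropy of a passphrase whose words are rolled uniformly and independently."""
    return words * math.log2(DICEWARE_LIST_SIZE)


def mean_guesses(words: int) -> int:
    """On average a guesser has to search half of the keyspace."""
    return DICEWARE_LIST_SIZE ** words // 2


def mean_crack_years(words: int, guesses_per_second: float) -> float:
    """Mean time to find the passphrase at a given guess rate, in years."""
    return mean_guesses(words) / guesses_per_second / (365.25 * 24 * 3600)


def measure_guess_rate(samples: int = 5) -> float:
    """Guesses per second on one local CPU core; each guess is one full PBKDF2 run."""
    salt = os.urandom(16)  # constructed sample salt
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"guess-{i}", salt)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    rate = measure_guess_rate()
    print(f"local rate: {rate:,.0f} guesses/s at {ITERATIONS} iterations")
    for n in range(3, 7):
        print(f"{n} words: {diceware_entropy_bits(n):5.1f} bits, "
              f"mean {mean_crack_years(n, rate):.3g} years at the local rate")
```

Each extra Diceware word multiplies the mean guessing time by 7776, while raising the iteration count only scales it linearly, which is why the thread keeps returning to the strength of the Master Password itself.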

  • Megan
    1Password Alumni

    Hi @ronen,

    I've merged your post with an existing discussion, since you seem to be asking a similar question here.

    "Can I delete old iCloud '1 Password' Backups as I think that iCloud is only for syncing not backup?"

    Can you tell me exactly where you are seeing these 1Password backups? Go to Settings.app > iCloud > Storage & Backups > Manage Storage and then tap the backup labeled This Device. You'll see the backup options. That means it is including all app data for 1Password if it is toggled on. If you mean that you are seeing 1Password data in the Documents and Data section, this is your sync data.

    As jpgoldberg says above, if you do have iCloud backups enabled for your device, there is no way to exclude 1Password from this backup.

  • ronen
    Community Member
    edited February 2014

    Hi.
    Sorry but I didn't understand.
    I'm only syncing via iCloud between my iMac - iPhone - iPad.
    I'm NOT backing up to iCloud; all my backups are through my iMac.
    In my iOS devices' (iPad and iPhone) preferences I see two 1Password mentions:
    1. In: Settings.app > iCloud > Storage & Backups > Manage Storage > backup labeled This Device
    2. 1Password data in the Documents and Data section.
    So I think that the first place contains the 1Password app
    And the second place contains the sync data
    Am I right?
    So I can't change these preferences...
    Thanks.

  • Megan
    1Password Alumni

    Hi @ronen,

    If you are syncing via iCloud, the onepassword data must remain in the Documents and Data folder. (If you delete it, 1Password will re-create it again when it syncs.) If you do not want to back up any data via iCloud, please make sure that the 'iCloud Backup' toggle is switched off in Settings.app > iCloud > Storage & Backup. :)

  • ronen
    Community Member

    Thank you !

  • no_clouds_please
    Community Member

    I'm still not comfortable that my data file was once backed up to iCloud without Agilebits disclosing this fact PROMINENTLY. I turned off that setting ASAP, but how do I know that Apple isn't still storing that file?

This discussion has been closed.