4-digit code and Dropbox questions

celerity
celerity
Community Member
Hi,

I am considering buying 1Password for Windows and iPhone/iPad. First, however, I have a couple of questions:

  1. How secure is 4-digit password on 1Password for iPhone? Is there a way to disable it? I am concerned someone might brute-force the code.
  2. What happens if I accidentally delete the Dropbox-keychain file? Will my data be lost?
  3. Is there a keychain backup copy stored locally on iPhone? Meaning, if my PC crashes and Dropbox is unavailable, will I be able to restore my passwords from the phone?
  4. Also, perhaps this question is somewhat similar to the one above, but, should I backup the keychain file manually (i.e external hdd) even if I use Dropbox?

Thanks in advance,

celerity

Comments

  • thightower
    thightower
    Community Member
    edited February 2011
    celerity wrote:

    Hi,

    I am considering buying 1Password for Windows and iPhone/iPad. First, however, I have a couple of questions:

    1. How secure is 4-digit password on 1Password for iPhone? Is there a way to disable it? I am concerned someone might brute-force the code.

    The iPhones 4 digit code allows you access to the apps, including 1Password. 1Password has a dual password scheme it has its own 4 digit code which should be different than your iPhone 4 digit code. Then all of you passwords are protected by a master password that you set this can be anything you choose. This Master Password ( MP ) is different from the password in your Widows version so it can be smaller and or larger the choice is yours, It can also be the same thing if you so choose

    1. What happens if I accidentally delete the Dropbox-keychain file? Will my data be lost?

    1Password has a built in backup mechanism, it creates a backup when ever the data file is changed. Dropbox also has the ability to restore files under 2 situations. If you have a free account and do not subscribe to Dropboxs packrat feature then there is a 30 day restore limit. Then is you subscribe to the packrat feature the restore feature is not limited. Any file can be restored from as far back as the beging of when you put files in your Dropbox. The packrat feature is only available on paid dropbox accounts from my understanding.

    1. Is there a keychain backup copy stored locally on iPhone? Meaning, if my PC crashes and Dropbox is unavailable, will I be able to restore my passwords from the phone?

    No there is no backup on the phone. The 1Password app has a backup program from the phone but its a manual type of thing.

    1. Also, perhaps this question is somewhat similar to the one above, but, should I backup the keychain file manually (i.e external hdd) even if I use Dropbox?

    I always suggest a good backup program. I personally use Crashplan its cross platform and it allows you to backup either to there servers (paid) or locally to another computer you own and or a network drive (free) check out http://www.crashplan.com



    Also a fellow member of the team khad, made up a description of the various passwords involved in 1P and I think his list may help you keep the meaning strait.

    There are a lot of passwords and codes to keep track of. (That's why you probably bought 1Password in the first place. ) I'll give a list of the ones common to this situation.

    iOS device passcode - used to unlock your iPhone or iPad when first turning it on
    This is unrelated to 1Password, but you will obviously need it in order to access your iOS device if you have it enabled (which we strongly recommend).

    1Password for iPhone unlock code - used to unlock 1Password for iPhone and gain access to low-security items and settings
    This makes it easier to switch back and forth between apps without having to type in a longer, more complicated master password every time.

    1Password for iPhone master password - used to gain full access to all 1Password for iPhone data
    You will be prompted whenever you are trying to access a high-security item (beyond the Auto-Lock timeout duration) or a setting that requires further authentication. Called "Master Password for iPhone" during Dropbox setup.

    1Password for iPad master password - used to gain full access to all 1Password for iPad data
    You will be prompted for this every time you launch 1Password for iPad.

    Dropbox password - used to login to the Dropbox application and website
    This is only related to 1Password insofar as it is required to access your data file for Dropbox-based syncing.

    1Password data file master password - used to gain full access to 1Password for Mac and/or Windows and 1PasswordAnywhere
    This can be thought of as the "main" password. All your data can be accessed with this password. Even if you lose your iOS device(s), you can set up Dropbox syncing on a new device using this data file and password. You are only prompted to enter it on your Mac or Windows computer and when accessing 1PasswordAnywhere. If your 1Password for iOS master password is different than this password, you will be prompted to enter it when setting up Dropbox syncing on your iOS device, otherwise, you will not be prompted for this anywhere in 1Password for iOS. Called "Master Password on Mac or PC" during Dropbox setup.

    All of these passwords are set independently, so it is up to you if they are all identical or unique. We recommend always using unique passwords for everything, but the choice is yours.

    If you have entered an incorrect 1Password for iPhone unlock code when opening 1Password for iPhone, there is a timeout displayed on the screen: "Wrong Unlock Code: Please try again in 1 minute." The timeout duration increases with further failed attempts.

    If you have entered an incorrect iOS device passcode, there is a different timeout displayed on the screen: "iPhone is disabled try again in 1 minute." This timeout duration increases with further failed attempts as well.

    Thanks to khad for this well thought out glossary
  • celerity
    celerity
    Community Member
    Thank you thightower! I'm not sure I understand the difference between 1Password for iPhone/iPad master password and 1Password data file master password though.

    thightower wrote:
    No there is no backup on the phone. The 1Password app has a backup program from the phone but its a manual type of thing.

    Can't I just transfer the locally stored keychain on my iPhone back to the PC? Surely the database must be available as temporary/offline file if there is no internet connection. Isn't the keychain normally saved on three locations (local Windows <-> online Dropbox <-> local iOS)? Or am I missing something?
  • thightower
    thightower
    Community Member
    Ill let one of the more techie types answer this question but from what I know about the setup I don't think this is possible to transfer from one to the other.

    Dropbox and the 1P app use the .agilekeychain format , I cant speak about the iPhone but I think it is designed differently again from what I understand.
  • khad
    khad
    1Password Alumni
    edited February 2011
    1Password for iOS uses a different data format to fit better within the constraints of the iOS environment. Setting up Dropbox syncing will perform the "translation" on the fly and keep everything up to date across 1Password on all your Macs, PCs, and iOS devices. :-)

    You can use 1Password's built-in Backup & Restore feature on your iOS devices if you want to manually backup the data. But why you would want to do that instead of setting up fully automatic, nearly instant syncing and offsite remote backup via Dropbox syncing is beyond me. :lol:

    The 1Password for iPhone/iPad master password is the password you chose when you set up 1Password on your iOS device.

    The 1Password data file master password is the password you chose when you set up 1Password on your Mac or PC.

    Some users prefer to have a simpler password on the virtual keyboard in iOS, so they do not have to be the same.

    I hope that helps. Please let me know. :-)

    Cheers!
  • celerity
    celerity
    Community Member
    khad wrote:

    1Password for iOS uses a different data format to fit better within the constraints of the iOS environment. Setting up Dropbox syncing will perform the "translation" on the fly and keep everything up to date across 1Password on all your Macs, PCs, and iOS devices. :-)

    OK!

    You can use 1Password's built-in Backup & Restore feature on your iOS devices if you want to manually backup the data. But why you would want to do that instead of setting up fully automatic, nearly instant syncing and offsite remote backup via Dropbox syncing is beyond me. :lol:

    No, no, I will be using Dropbox! :) My concern is whether that is ENOUGH as backup. For instance, if someone hacks my PC and Dropbox-account and deletes ALL files, will my keychain be safe on the iPhone?

    Some users prefer to have a simpler password on the virtual keyboard in iOS, so they do not have to be the same.

    Isn't that rather dangerous? A chain is only as strong as its weakest link after all. Having a strong password on Windows gives you nothing if your iPhone is compromised.
  • khad
    khad
    1Password Alumni
    edited February 2011
    …if someone hacks my PC and Dropbox-account and deletes ALL files, will my keychain be safe on the iPhone?

    Yup. :-) Just disable Dropbox syncing in 1Password on your iOS device(s) immediately upon losing your computer, etc.

    Isn't that rather dangerous? A chain is only as strong as its weakest link after all. Having a strong password on Windows gives you nothing if your iPhone is compromised.

    True, but also consider that an attacker would have to have physical access to you iOS device, bypass your iOS passcode lock, bypass your 4-digit unlock code in 1Password, and finally enter the master password in 1Password in order to access your data in that manner. I would never encourage anyone to use a shorter, simpler password than what they are already using, but we do make the option available for you to make your own decision regarding the security/convenience of 1Password on your iOS device.
  • celerity
    celerity
    Community Member
    Thanks for your help! :)
  • khad
    khad
    1Password Alumni
    Glad to help! :-D

    Cheers,
This discussion has been closed.