Deadlock if Dropbox password stored in 1password?
hi,
I sync 1Password across my iPhone, iPad and Windows 10 laptop via Dropbox. I currently also store my Dropbox password (and Dropbox two-step verification backup codes) in 1Password. It struck me that were I to lose access to lose access to all three of my devices (yes, this is unlikely but could happen e.g. while travelling), I wouldn't be able to recover anything. I could reinstall 1Password on a new device, but because my Dropbox password is in my 1Password.opvault on Dropbox I'd have a deadlock. (I couldn't recover the Dropbox password because the password to the email address associated with Dropbox is also stored in 1Password)
- Is the scenario I describe valid or have I overlooked something?
- How could I mitigate this? Should I memorize my Dropbox password and not store it in 1Password?
1Password Version: 4.6.1
Extension Version: 4.6
OS Version: Windows 10
Sync Type: Dropbox
Referrer: forum-search:dropbox
Comments
-
Yes, one can get caught in a vicious circle in the kind of situation you describe.
There's no harm in storing your Dropbox password in 1PW, but you do also need to memorise it. The best way to do that is to create a password for Dropbox using the Words option in 1PW Password Generator. Then it should not be too difficult to remember the sequence of words and still have a strong password.
0 -
Hi @hzs998,
The scenario you're describing is perfectly valid. As much as we would love for everyone to only have to remember a single password (your 1Password Master Password)... in reality most users need to remember 3 or so. If you're syncing with Dropbox, then your Dropbox password would be one of those.
Rick
0 -
Thanks for the confirmation. Perhaps you should also indicate this in your guide on syncing with Dropbox as there are probably others who may not immediately realize the risk of saving your Dropbox password in 1Password in the sync scenario.
https://support.1password.com/sync-with-dropbox/0 -
@hzs998: Saving your Dropbox login credentials isn't risky; forgetting your Master Password or losing your data is, and unfortunately neither of these are limited to this scenario. However, there are steps you an take you mitigate that:
- Backup your data (Dropbox, or any other sync method, are not a backup) — preferably locally and offsite, while we're talking about mitigating risk.
- Create an emergency kit with your Master Password and store it in a safe deposit box or safe.
- If there are specific passwords you'll need to memorize and/or enter manually on occasion, use the Words option in 1Password's strong password generator to make them memorable and readable.
- And, following on 3, store these in your emergency kit as well, especially if they're needed to get back into important data.
I hope this helps. Be sure to let me know if you have any other questions! :)
0 -
@brenty thanks for the additional guidance. Your tip about backup is especially an important one and I do hope you update your How to sync 1Password with Dropbox guide with these pointers so people are set up correctly from day 1.
I am a bit confused about your statement that "Saving your Dropbox login credentials isn't risky". I think it certainly would be risky if the scenario I have described above in my original post holds (it wouldn't be risky only if the password is additionally also memorized).
0 -
@hzs998: Memorized or stored somewhere secure for an emergency. Mine is word-based simply because, as you mentioned originally, I may have to read and enter it manually to get into my account if I don't have access to it in 1Password on any other devices. It's a bit of a stretch, that I'd lose all of them, but better safe than sorry! :)
0
