My husband's phone was lost/stolen. We sync in Dropbox. Help.

HappyArizonan
Community Member

I saw the direction to unlink his device from the Dropbox account, but when I log in to Dropbox>Security, his device(s) are not there. Can't figure that out.


1Password Version: 6.8.5
Extension Version: Not Provided
OS Version: 10.13.2
Sync Type: Dropbox
Referrer: forum-search:lost phone with family share

Comments

  • darrenNZ
    Community Member

    @HappyArizonan

    If your husband's device isn't listed on the Dropbox security page then he probably forgot to sync/link 1Password to Dropbox.

    This is a bit unfortunate because it means that if his phone wasn't synchronising properly, either because of his own mistake or an issue with Dropbox, then he may have lost access to all his passwords. :(

    When he gets a new phone he'll be able to download 1Password again and hopefully there'll be a 1Password database on his Dropbox. Another way of checking is by looking at the Dropbox account and seeing if there are any 1Password files there and when they were last updated. Just make sure you do not edit those files in any way.

    This is one of the reasons why 1Password.com accounts are recommended to users. They take care of backing things up without the need for Dropbox. It also allows a lost or stolen device to be unlinked from the 1Password servers.

    It may be small comfort to you both that:

    • If he's got a screen lock then the thief would need to bypass this first before even seeing 1Password.
    • His 1Password database is useless to the thief. Without the master password it's extremely secure.

    He should report his phone stolen as soon as possible to the phone company. Most thieves will just wipe the phone and sell it on.

    Sorry to be the bearer of bad news.

  • HappyArizonan
    Community Member

    Thank you. His device was synching and the database will be there. We have a family account and we share access to all vaults. I took him off as an organizer, moved his items to a new vault (that only I can access) and deleted them from the shared vault and his vault. My logic was that even if someone bypasses his screen lock and his master password, they could not access the vaults that now hold the information. I also changed key passwords (banking, credit card, etc.). Hopefully this will make things extra secure. I guess if someone were able to bypass both the screen lock and his master password, they would see the data downloaded on his phone, but if they connected to the internet, the sync would soon institute my changes and make their access quite restricted. Hope I am thinking correctly here. I didn't report it stolen to the carrier, so I will do that.

  • darrenNZ
    Community Member

    @HappyArizonan

    If somebody bypasses his screen lock, without triggering the device wipe (after incorrect PIN tries), then it'd be a miracle if they could bypass the master password.

    "I guess if someone were able to bypass both the screen lock and his master password, they would see the data downloaded on his phone, but if they connected to the internet, the sync would soon institute my changes and make their access quite restricted."

    This is true but it also exposes you to a security risk.

    If this highly unlikely hypothetical scenario were to occur then the thief - who'd have to be very interested in your husband's phone and a technical genius - would have access to your Dropbox!

    • If the thief doesn't connect to the internet then it wouldn't sync

    • If you block the SIM with your carrier then he'd need to sync over WiFi

    Realistically, if anything, you should change your Dropbox password because otherwise he's got access to that. And if somehow he 'guessed' your 1Password master password then he'd just download your new store of data!

    Anyway, don't worry about it. 1Password is secure enough to thwart this sort of attack. I'm pleased to hear that you've not lost any of your data.

    Definitely report it stolen because many carriers will hold you liable for any calls/texts made from the stolen SIM until it's reported to them.

  • HappyArizonan
    Community Member

    Thanks - yes, I reported it stolen because of your post. Gracias again.

  • XIII
    Community Member
    edited January 2018

    You mention "organizer". Does this mean you have a family subscription rather than a license?

    If so, you might be using AgileBits' 1password.com sync service instead of Dropbox?

    Or do you intentionally still use Dropbox?

  • thightower
    Community Member

    @HappyArizonan

    I am asking the same questions that @XIII did.

    "You mention "organizer". Does this mean you have a family subscription rather than a license? If so, you might be using AgileBits' 1password.com sync service instead of Dropbox?"

    "Organizer" is throwing off a lot of whistles and bells screaming hey, 1Password.com account.

    Also, if you have iCloud, Find My Phone and/or the Google version of it, why not just remote wipe it? * Be warned: once you do it there is no going back. If you're using iOS and the phone is recovered, you can restore it from iCloud or a local backup.

    @darrenNZ

    @darrenNZ : If your husband's device isn't listed on the Dropbox security page then he probably forgot to sync/link 1Password to Dropbox.

    1Password uses the Dropbox API to sync and does not use the official app to sync on the mobile device. You would see 1Password listed on the connected apps page, https://www.dropbox.com/account/connected_apps, which lists all apps syncing thru the API.

    Only the devices (mobile and desktop) linked to Dropbox using the official Dropbox app show up on the security page. Basically this page is just for Dropbox, aka it shows devices you use that are linked to the account via a Dropbox app or web browser session.

    @HappyArizonan said : His device was synching...

    or possibly... as we're hypothesizing above, they have a 1Password.com account

    @darrenNZ said: Realistically, if anything, you should change your Dropbox password because otherwise he's got access to that.

    Not a bad idea, but one problem: doing so will not stop someone from using the Dropbox app on the phone or the desktop, because the Dropbox app is linked via a security token and not a password. This is why I can change my password all day long and my desktop or mobile apps will never stop syncing.

    To stop syncing you would need to invalidate that token, which you would do by visiting the security page and unlinking the device.

    • However, there are several caveats to that: if you have a paid account with Dropbox and your plan includes remote wipe, you would use that feature to remove the files from the device. If you unlink first, Dropbox has no way to send the commands back to the device to remote wipe it.
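
A toy model of the token behaviour described in the post above, added here as an example; it is not part of anyone's post and not Dropbox's code, and the `Account` class, its method names and the sample passwords are assumptions. It shows why a password change alone leaves a linked device syncing, and why a remote wipe has to be queued before the device is unlinked.

```python
import secrets

class Account:
    """Toy model of a sync service; an assumption for illustration, not Dropbox's code."""
    def __init__(self, password):
        self.password = password    # stand-in for a real credential check
        self.tokens = {}            # token -> device name
        self.pending_wipe = set()   # tokens with a remote-wipe command queued

    def link_device(self, name, password):
        # The password is checked once, at link time; afterwards only the token is used.
        if password != self.password:
            raise PermissionError("bad password")
        token = secrets.token_hex(16)
        self.tokens[token] = name
        return token

    def change_password(self, new_password):
        self.password = new_password        # existing tokens are left untouched

    def request_wipe(self, token):
        if token in self.tokens:            # only a linked device can be sent commands
            self.pending_wipe.add(token)

    def unlink(self, token):
        self.tokens.pop(token, None)        # invalidates the token
        self.pending_wipe.discard(token)

    def sync(self, token):
        # What the device gets the next time it comes online.
        if token not in self.tokens:
            return "rejected"
        return "wipe" if token in self.pending_wipe else "synced"

def lost_device_outcomes():
    def fresh():
        acct = Account("old-pw")
        return acct, acct.link_device("phone", "old-pw")
    out = {}
    a, t = fresh(); a.change_password("new-pw")      # password change only
    out["password_change_only"] = a.sync(t)
    b, t = fresh(); b.unlink(t); b.request_wipe(t)   # wrong order: wipe is never queued
    out["unlink_then_wipe"] = b.sync(t)
    c, t = fresh()
    c.request_wipe(t)                                # right order: wipe first
    delivered = c.sync(t)
    c.unlink(t)                                      # then invalidate the token
    out["wipe_then_unlink"] = (delivered, c.sync(t))
    return out
```
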
  • AGAlumB
    1Password Alumni

    @HappyArizonan: I don't have a lot to add here, and I also know this is a lot to consider, but I just wanted to let you know we're here if you have any questions at all. Happy to help. :)

  • HappyArizonan
    Community Member

    Thanks. I feel pretty comfortable with the steps we have taken. It was good advice to contact the carrier. Life is complicated!

  • AGAlumB
    1Password Alumni

    Indeed, I wish it were simpler, but a little precaution can get us a lot of peace of mind. Cheers! :chuffed:

This discussion has been closed.