Dropbox Security

akirale
akirale
Community Member

We are syncing our 1Password vault through Dropbox. Since the Dropbox employees have 100% complete access to all of our files, how can we prevent them from hacking into our 1Password file? And how could we ever possibly know with 100% certainty that they HAVEN'T ALREADY hacked into our 1Password file?? We have all sorts of important financial information & important notes stored within our 1Password file -- it could be potentially devastating to our lives if someone were to gain access to this information. We already have an incredibly lengthy & strong master password which is about 80 random characters long, but passwords don't usually stop hackers. How easy is it to crack open this file?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2018

    @akirale: Thanks for reaching out. Great question! While matters of security are often very complex, this has a very straightforward answer: your 1Password data is end-to-end encrypted, so 1Password simply doesn't depend on the sync service to protect your data. 1Password is secure by design, not by chance.

    To expand on that though, 1Password's security — which is built on AES encryption — has not, to date, been "hacked", so neither will your data have been. "Hacked" implies a fundamental weakness that can be exploited by attackers to use as a shortcut to break security or work around it.

    But there is one way that any attacker can get into your 1Password data: guessing your Master Password. Use a weak one, and it will be easy for a computer to guess, if not a person (monkey123 is very popular...)

    That sounds scary, but if instead you use a long, strong, unique Master Password, you have nothing to fear. Not only will it be incredibly difficult for someone to guess it in the first place, even with the use of technology, but 1Password uses technology of its own to slow down guessing considerably.

    Now, you're probably wondering about my earlier statement that "any attacker can get into your 1Password data". It's true, as it's only a matter of time. But by using strong encryption and slowing down guessing even further, this pushes the timeline for when a good Master Password can be guessed by far out into the unforeseen future, like on a cosmic scale. So while it's isn't impossible for someone to break into your 1Password data, they will find it infeasible (to put it mildly) if you do your part while 1Password does its own.

    Your Master Password only won't stop an attacker if you give it to them. Otherwise they'll have to spend more time and resources than anyone has today trying to guess it.

    I hope this helps. Be sure to let me know if you have any other questions! :)

This discussion has been closed.