Windows / Microsoft and 1Password Accounts

MS reserves the right to any and all files on our devices. From my point of view, they do not care about user privacy and do everything in their power to snoop on their users (for their search engine and business oriented based data collection).

@ravensword: This isn't quite accurate, but certainly it isn't always clear either, so I get where you're coming from. You touched on this with your question:

Can Windows/Microsoft read the 1password file at all or is it encrypted?

While it can sometimes be difficult navigating Microsoft's policies and Windows features, the good news is that anything you store in 1Password is encrypted using your Master Password. 1Password does not rely on things like BitLocker for its security. To be clear, BitLocker is a great security feature, but I also like to be fully in control of the "keys" to my data, so I prefer the way that 1Password works in this regard.

One thing I'll add is that you may want to consider moving to Windows 10. I've found that I get better performance there on the same hardware in most cases, and, paradoxically, while Windows 10 introduced a lot of the telemetry/usage tracking, much of which has since been added to Windows 7 and 8.1, Windows 10 actually gives you a lot of granular control over this stuff. That was not always the case, but it's something Microsoft has improved a lot in recent years due to user feedback. So while I disagree with their initial approach, they have been very responsive and that has made me feel comfortable there.

My 1password account syncs only selected passwords I've copied or moved to my Windows device. As such there are two different 1passwords (one for my Apple devices and one for my windows machine which is unusually long and very hard for me to remember (mostly because the 1password account is website facing). I have had to keep a text file on my windows desktop which I know isn't secure even if its a private machine only I can access.

I'd definitely recommend using your 1Password.com account across the board, and with a single long, strong Master Password. That's not only secure, but more convenient since you won't have to juggle multiple Master Passwords or different data being sync'd via different methods.

However, if you still prefer to compartmentalize things on the PC (though I'd be interested to hear why in light of the rest of this discussion), you could always setup a local vault there where you copy only some of the data from your account, and then sign out of the account completely on that computer. Happy to discuss that further if you wish.

Does the account key provide enough security that we can keep our 1password password shorter? (Eg. 8 to 12 characters instead of 26 or whatever).

I apologize that I'm not going to answer your actual question here, but we do not recommend using a weaker Master Password for any reason. The Secret Key (formerly Account Key) is designed to protect your data from brute force attacks against your Master Password in the even that the database is stolen from us. So it should not be treated as a substitute for a good Master Password. After all, the Secret Key will not be required to access your data on a device you've already authorized, so, as a practical matter, your Master Password is still the most important factor in the security of your data. Instead, using a single Master Password will make it easier to remember and get used to typing it effortlessly. I think it's important to consider it in those terms instead, not only for security but also to not make things harder for yourself than necessary.

Anyway, I hope this helps a bit, but please let me know if you have any other questions! :)

Hi @ravensword,

On behalf of Brenty you are very welcome! Please let us know if there is anything else we can help you with, we are here for you.

Thanks!

++
Greg