Can I delete the vault stored online in my 1Password account
I just made the upgrade to the 1Password account. My head is swimming with thoughts, because so much of this process was unclear, but at this point I guess I just want to know if the vault that was created in my 1Password Account can be deleted? I copied my 1P6 locally based vault to my online account at time of download, because, as I said, I was unclear of exactly what I was being prompted to do. I really would prefer to not have that data accessible by web. I know your literature and forum support says that this data is impregnable, but I just really fail to see how.
To be clear, I want to not only remove the option to access my "Personal" vault on each of my client machines (I believe I understand how to do that), but I also want my vault completely purged from my 1Password Account so it only exists in my dropbox.
1Password Version: 7.0.7
Extension Version: 4.7.2.90
OS Version: OS X 10.13.6, Windows 10, Windows 7, iOS 11.4
Sync Type: Dropbox
Comments
-
@rdwhitenack - thanks for writing in.
I just want to know if the vault that was created in my 1Password Account can be deleted?
Certainly. You can delete it yourself by signing into your 1password.com account in a browser, clicking the Settings link in the right sidebar, and finally the Delete link at the bottom of the page.
Having said that, a couple of things you said struck me:
I really would prefer to not have that data accessible by web.
Good news: it isn't. The only thing stored on the 1password.com servers is an unreadable (by human or machine) blob of ciphertext. Your actual data is never transmitted "over the web" in readable format. The data stored on our servers is protected by your (hopefully long and strong) Master Password, as well as your Secret Key. Those two secrets are never transmitted to us; all en/decryption is done client-side, in your browser or your 1Password app, so that only encrypted, unreadable data is sent to us.
I know your literature and forum support says that this data is impregnable, but I just really fail to see how.
I don't think our literature ever says "impregnable," but here’s a good overview of exactly how we protect your data in "the cloud," which includes the 1password.com service but also other sync methods we offer for standalone data. If you want our most complete security run-down, there's our full-scale security white paper. But the final bit of what you said that struck me was this:
I also want my vault completely purged from my 1Password Account so it only exists in my dropbox.
If you have standalone data and you do not sync it at all, then - and only then - does your data remain only on your device. But the minute you use one of our 3rd party cloud sync providers like iCloud or Dropbox -- as you indicate you did -- you're essentially doing the same thing that we do with the 1password.com service. As soon as you put your OPVault sync keychain in your local Dropbox, the Dropbox sync engines copy it to their (Dropbox's) servers, and your data is "accessible by web." That's how all the 1Password cloud-based sync services work: 1password.com, Dropbox and iCloud.
And 1password.com, primarily but not exclusively through the use of the Secret Key, is even stronger than the Dropbox setup you've already trusted your data to. You're of course free to choose whatever method of using 1Password seems best to you, I just wanted to make sure you were aware you're already using "the web" to store your data.
0 -
You pointed out a definite flaw in my thinking with how my passwords are saved. Using a third party, in this case Dropbox, really is no safer than relying on 1Password's servers. My concerns were illogical, at least in how I phrased it. I think my hesitancy is better described by saying that I'm uncertain of how confident I should be in trusting 1Password with all of this data. My uncertainty was fueled at the time of my original post by some frustration that I had to switch to a pay-by-month model. I thought the $50 I paid for 1Password 4, although a stupendously great deal for me, would be for life. My frustration lead to distrust, but I think I'm over that now :)
As far as data security goes, I know you're a much different company, but I imagine Target, Equifax, Home Depot, and many other companies have had breeches of security that they previously promised was securely stored. A breech of data in 1Password, would probably be life altering, so I hope you understand hesitancy, or questioning.
Thanks for your reply, it's been a while since I came back to view the response, but appreciated nonetheless.
0 -
@rdwhitenack: I'm sorry for the confusion you experienced there. I'm glad you reached out so we could help! :)
Indeed, while a license for, say, 1Password 4 never expires, most of us aren't using the same OS and apps (or devices!) we were going back 5 years or so. So although you could continue using that, especially for software you rely of for data security I think it is important to stay up to date. I'm glad that Apple includes OS updates (to a point) in the cost of their devices, because it's one less thing for me to worry about. And while a little bit different (we don't sell 1Password appliances), I like that everything 1Password is included in my 1Password.com membership, so I don't have to worry about figuring out upgrades, or using 1Password on other devices (my family as well).
Regarding data breaches like the ones you reference, while those are certainly things we should all be concerned about, there's a fundamental difference with how 1Password works compared to the way most companies/services/websites operate: everything stored in your account on our server was encrypted on your device locally before being sent to us, and the "keys" to decrypt that data are only ever possessed by you -- the Master Password is a secret of your choosing, and the Secret Key was generated on your device during account creation -- and are never transmitted to us. In most other cases, account credentials and data are stored on the website, protected only by authentication, so that someone who gets an admin's account can access others. After all, our server could be attacked someday, and we need to ensure that doesn't result in 1Password users' data (ours too!) remains safe.
Hopefully that helps ties things together, and if you ever have other questions or concerns, we're here for you. :)
0
