Questions about the security of 1Password

alantcy
alantcy
Community Member

Hi,

Been an avid user of 1Password for quite a few years now.
With the increasing reliance on the app over the year, i begin to have some concerns about 1Password's infrastructure and what it has in placed to protect customer's data.

I'm sure some of the questions here might have been asked before but please bear with me.

1) If the 1Password servers ever go down, are we still able to access our Vault?

2) If our Vaults ever get wiped out on 1Password servers ie. hacking, will we still get our data back?

2a) Following the question above, if the Vaults were to be permanently deleted/unrecoverable, does that mean our devices will sync down an empty Vault the next time we connect.

3) Do we have an option to export our Vaults into a file ie. .csv for backup/safekeeping?

Thanks,
Alan


1Password Version: Current version
Extension Version: current Chrome & Firefox
OS Version: macOS, iOS, Win10
Sync Type: 1Password

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @alantcy: Thanks for reaching out. Happy to answer your questions! :)

    1) If the 1Password servers ever go down, are we still able to access our Vault?

    Yep! You can test this yourself by putting your device into "airplane mode" or something similar. When you sign into your account, the data is cached on the device so that it's accessible regardless of whether or not you have a connection. :sunglasses:

    2) If our Vaults ever get wiped out on 1Password servers ie. hacking, will we still get our data back?

    In order for data to get truly "wiped", someone would need to do a lot more than trip on a cord or "hack" into a single machine, as 1Password is not a single server but many, with redundant and versioned backups as well. And we monitor all of it around the clock. So the likelihood (and difficulty) of "accomplishing" such a thing is not to be understated. However, if all of 1Password were wiped off of the face of the earth, you'd still have the local copies of your data in the app on any of the devices you use 1Password on. So you wouldn't actually have lost anything (though we would have). :glasses:

    2a) Following the question above, if the Vaults were to be permanently deleted/unrecoverable, does that mean our devices will sync down an empty Vault the next time we connect.

    No. Your device would still have the newest version of the data, and would not get any updates from the server, since none exist -- again, assuming that only the encrypted data was deleted from the server, but the server was somehow still functional.

    3) Do we have an option to export our Vaults into a file ie. .csv for backup/safekeeping?

    You do:

    https://support.1password.com/export/

    I'm not sure how useful it will be when the zombie apocalypse is upon us, but it's better to be safe than sorry, right? Cheers! ;)

  • alantcy
    alantcy
    Community Member

    @brenty that puts my mind at ease! :)

    Syncing technologies generally go by latest timestamp when comparing files <--- may be more complicated than that so I could be wrong.
    I was actually more concerned that, for whatever reason, 1Password app on my device would sync down an empty vault if all data on the server were to be deleted.
    Hence assuming that the encrypted data was deleted from the server, the copy on my device should restore back to the server, right?

    Thanks for your reply! :)

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2019

    @alantcy: You're welcome! I'm glad I could help! :chuffed:

    Syncing technologies generally go by latest timestamp when comparing files <--- may be more complicated than that so I could be wrong.

    You're not wrong, but with regard to sync, while reconciling based on time is a good starting point...it gets pretty complicated pretty quickly when you take into account that device times may not be in sync, network issues, and all of the various formats involve (when you're syncing filesystems, not just database records -- something we've taken advantage of with 1Password memberships).

    I was actually more concerned that, for whatever reason, 1Password app on my device would sync down an empty vault if all data on the server were to be deleted. Hence assuming that the encrypted data was deleted from the server, the copy on my device should restore back to the server, right?

    If we go back to the root, the only way the server would have an empty vault is if you deleted the items in it. If there were a catastrophic failure, and the server was destroyed, and all of the backup servers, and all of the versioned redundant backups of the database, the app would have nothing to talk to. Only the data within the vault would need to have been deleted for an empty vault to sync...and even if you did that by accident, you could restore them from the trash and/or item history. Does that make sense? :)

    ref: IMZ-74445-237

This discussion has been closed.