I have a few questions concerning data visibility. I am wondering about what a bad guy could see even without the master password.
1) It is my understanding that password strength is no longer stored in the clear but is now encrypted. My keychain is a couple years old. Were the strengths automatically encrypted or do older keychains still have strength information stored in plain text? I am running v3.8.20 on my mac.
2) Is there any information, other than titles and URLs that are stored in plain text?
3) How do smart folders appear in the keychain and in iOS apps? Are the names of the smart folders, search criteria, or cards that matched the criteria visible? For example, if I create a smart folder titled "sites that use password abc", where abc is the actual password being searched for, will a bad guy be able to see that I use "abc" or what sites the search matched with?
Randy
Comments
Team Member
While your sensitive data is always strongly encrypted, metadata about the items is not. The easiest way to visualize this is to simply open the View > Columns menu. Apart from password strength, the metadata represented there which is used to sort items is not currently encrypted:
So tags assigned to an item and the folder an item is located within are both available in the JSON. Smart Folders are each represented by a unique `.1password` item within the data file bundle, but neither the search criteria nor the items which meet the criteria are available in the JSON.
Though we like to be agile and not normally announce features before they are delivered, this is an aspect of our forthcoming format which we have publicly announced. The new format which encrypts such metadata is in very active development, but I can't give more details at this time.
I hope that helps. Please let me know if you any further questions or concerns.