3/17/10
6:08 am

Forum Question: 1Password and Dropbox and MobileMe

The 1password keychain is encrypted, but if I open the keychain file so that I can use 1password or to look up info on my keychain on an open unsecure WiFi, could other people see my passwords and secure notes?

I believe read Dropbox stores all files encrypted, but that MobileMe does not encrypt them. Is that correct? But since the 1password keychain is already encrypted it’s not necessary to have it stored encrypted like on Dropbox??

— Luba

Comments: 4 Responses to “1Password and Dropbox and MobileMe”

    3/17/10 @ 6:11 am

    The 1Password file is very encrypted, yes. So any additional encryption is unnecessary. Opening it on your Mac doesn’t decrypt the file so others can see it — the decryption happens on your Mac, not on the network. So the file sitting there is still encrypted.
    FYI — 1Password doesn’t recommend using MobileMe’s iDisk anymore to store the 1Password file. Not a security issue, but apparently having to do with write speeds and synchronization issues. They do say Dropbox is OK.

    Luba
    3/17/10 @ 8:30 pm

    Ok, so using Dropbox, I got one copy of the 1password keychain on my Mac and in cloud. When I de-crypted it, it’s only happening on the Mac so nobody can “see” anything. After I make changes it gets encrypted, then sent to the cloud (Dropbox) with updated version of file.

    But what about when I am traveling and I need a password, and I am checking on a somebody’s work computer, or perhaps even a public internet cafe computer? The 1password keychain will de-crypt on that computer and then delete itself off the public computer or colleague’s computer?

      3/17/10 @ 9:20 pm

      Well, you wouldn’t be able to look at the file at all, because 1Password wouldn’t be installed on those other computers, most likely. But even if it was, it wouldn’t matter. The decryption happens on the computer, not on the network. The decrypted information does travel anywhere.
      But in a situation like this, you should use the “1Password Anywhere” functionality described on their site anyway.
      Also, even if the password is stored in your head, it isn’t safe to use a public internet cafe computer for anything like this at all. You don’t know if key logging software is watching your every move. Only use trusted computers to log on to sensitive systems like your email.

    Luba
    3/18/10 @ 11:41 am

    thanks for the info! so many traps and pitfalls out there.

Comments Closed.