1Password Leaks Your Data

291 points, by _qxtl, over 9 years ago

28 comments

vuchr, over 9 years ago
I don't get why people are making out this isn't a big issue - people would assume whatever is saved in the 'vault' is completely encrypted.

You'd never encrypt a password but leave all the filenames/directories viewable without the password...

(I've noticed this before when grepping for a domain, and it came up with stuff from my 1Password vaults, but couldn't work out a better solution so still stick with 1Password.) It's a shame, because 1Password is great in almost all other aspects.
remaerd, over 9 years ago
As a user of 1Password and an indie app developer myself, I don't think talking about this question in YCNews is a nice gesture.

You are talking about an outdated data format which AgileBits had dropped. They already provide OPVault to solve the problem. What do you expect they want to fix?

Some of the readers may only skim the title of this article / they don't understand the technical details. So they will assume that 1Password IS NOT SAFE. It's a minor bug which affects almost no one. But this article (title) will affect so many people's impression of 1Password. You are just writing an article to punish AgileBits.

(Update: I was wrong about the Agile Keychain being dropped. It's still used for Dropbox syncing, but not iCloud/CloudKit.)
gonewest, over 9 years ago
Of the many password vault tools out there I still prefer ones that store the data locally, secured with published and peer-reviewed crypto, and sync directly across devices without uploading to a service. I just don't need the hassle of discovering belatedly that an online service has leaked any data. Especially if they are inclined to say it was by design.
incanus77, over 9 years ago
You buried the lede here:

> Well, in December 2012, AgileBits changed the format of their keychain from the Agile Keychain, to OPVault. So how is this new format? Well the first thing is that you cannot use 1PasswordAnywhere with this format any longer.

And:

> Let me summarise: Do not use the Agile Keychain format. It leaks your data. If you are using it, convert it to the OPVault format immediately.
al2o3cr, over 9 years ago
Funny, the title doesn't pop quite as much when it's replaced with the more accurate "1Password Leaks Some Metadata When You Upload Your Keychain to Public Servers".
aidos, over 9 years ago
Not defending it, but this was always a known, though not massively publicised, issue with the 1Password format.

I seem to recall that the original justification was that it allowed for checking to see if 1P had a login for the current site without having to ask for your password to decrypt the db.

My understanding is that the new format addresses the issue, but it hasn't been rolled out to the Dropbox sync yet.

Hopefully the noise here will push that ticket to the top of their priority list :)

http://taoofmac.com/space/blog/2011/04/28/2233
rcarmo, over 9 years ago
Wrote about that back in 2011. Surprised to see it's still an issue, really - I changed formats, but there's no reason for the JS to still work that way.

http://taoofmac.com/space/blog/2011/04/28/2233

(edit: Just noticed that someone else also linked to my blog post further down. Apologies for the redundancy.)
homakov, over 9 years ago
What's also bad is it's under the shared origin dl-web.dropbox.com, so some kind of persistent XSS or cross-window JS can leak all your passwords.
raz32dust, over 9 years ago
Why don't people just use KeePassX? Are these paid solutions worth it when you have a decent open source alternative?
m1keil, over 9 years ago
Before you rush to migrate to OPVault, do note that at this moment it is not supported on the Android app.
dr_win, over 9 years ago
I had a different issue with their 'secondary vault' feature. Adding additional vaults as your secondary vaults is not just a UI thing.

ADDING A SECONDARY VAULT EFFECTIVELY MEANS STORING THE MASTER PASSWORD OF YOUR SECONDARY VAULT IN YOUR PRIMARY VAULT!

This was confirmed by their support as a reply to my email below. It is better for UX, but it is not explained properly IMO.

Theoretically you could get burnt in a scenario where you use a personal primary vault with some weak-ish password and add your super-important employer's vault as a secondary vault for convenience. You effectively make the super-important vault as weak as the weak-ish master password of your primary vault (without knowing).

My email back in March 2014 (shortened):

I somehow ended up in a situation where 1Password pretends to keep my data safe but does not require a password for unlocking the secondary vault as long as I have unlocked the primary vault. If I don't unlock the primary vault and switch to the secondary vault first, the correct secondary master password is required. [Conversely, switching to the primary vault while having unlocked the secondary vault requires me to enter the primary master password to unlock it (expected behaviour).] This behaviour is exhibited in 1Password.app, 1Password mini and the Chrome plugin.

I'm a developer. I have just read all the documentation available on your site http://help.agilebits.com just to better understand the system and reason about it. And I cannot really explain this behaviour. 1Password should not know how to unlock my secondary vault without my secondary master password (unless it caches the master password somewhere behind my back) OR my secondary agilekeychain file is not really encrypted, but the UI pretends it is, because it requires the correct master password (when I go and want to see the secondary vault without unlocking the primary vault first).

I noticed this behaviour only recently; I think originally this worked just fine. This hiccup could be caused by the latest update or my upgrade to 1Password 4 a few months ago.
jpgoldberg, over 9 years ago
Hello all, I'm the Chief Defender Against the Dark Arts at AgileBits, the makers of 1Password.

The discussion and analysis in Dale Myers' article is very good, although someone who just reads the headline could very easily come away with the wrong impression.

The "older" .agilekeychain format (AKF), designed nearly a decade ago, does indeed expose the same sorts of information that would be in someone's browser bookmarks. So if someone gets hold of your AKF data they will be able to see what sites you have Logins for and what titles you have for your items.

Given the constraints we faced back then, that might have been a reasonable design choice at the time. But it is certainly not an acceptable design choice today.

The article does point out that the OPVault data format was introduced as a replacement for the AKF back in December 2012. The OPVault format not only encrypts much more of the metadata, but it also provides for authenticated encryption and includes many other improvements.

The article also points out that the behavior of the AKF "discovered" is documented in many places. We've blogged about it, we've talked about it on our discussion forums and it is in the docs. What isn't in place is some big red letters in the user interface that say "Using this format leaves URLs and Titles unencrypted".

Dale Myers' article also correctly points out that we do offer instructions on how to migrate your data from the Agile Keychain format to OPVault.

The article criticizes us for (a) not making OPVault the default for new Dropbox syncing, and (b) not providing a nice easy way to migrate.

Obviously we would love to see everyone on the new data format. It is a big improvement over the old one in an enormous number of respects, but until we can be confident that everyone is running clients on all of their platforms that can handle the new format, we are treating migration as an "expert only" thing.

Rolling out a data format change when you have one "product" and one platform is easy. But we need to make sure that people are using versions (and that such versions are available) of 1Password that handle the new format on all of the devices that they sync with.

So if we were to make OPVault the default sync format on Mac, we would need to know that the 1Password app people are using on Windows. We have been conservative about this.

Also, in our beta testing of data migration, we discovered a nasty bug in how we encoded keys for some attachments. The result is that some of our beta testers would have lost data if they had not had good backups of their AKF data. Obviously, that is not something we wanted to push into general release. (Only attachments created in specific circumstances were victims of that, so we didn't spot it in internal testing.)

Now you may very well disagree with some of our judgement calls, particularly about how cautious we have been and continue to be in migrating people to the new format. But I hope that even if you do disagree, you will see that there are reasons for our choices.
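The two properties jpgoldberg contrasts above (the Agile Keychain leaving URLs and titles in the clear; OPVault encrypting more of the metadata and adding authenticated encryption) are what make vuchr's "grep for a domain" experience possible in one format and not the other. The Python below is an added example written for this page; it is not code from the thread, from Dale Myers' post or from AgileBits, and it does not reproduce either real file format. The item layout, field names, file names and the standard-library encrypt-then-MAC construction are all illustrative assumptions chosen so the example runs offline. It builds the same constructed items two ways, runs a plain substring search over the resulting files the way a grep over a synced folder would, and shows that the authentication tag makes a modified item unreadable rather than silently decrypting to garbage.

```python
"""Added example: metadata in the clear vs. whole-item authenticated encryption.
Illustrative formats only; not the Agile Keychain or OPVault layout, and the
cipher is a stdlib stand-in (HMAC-SHA256 counter-mode keystream + HMAC tag)."""
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Tuple

# Constructed sample items (not real accounts).
ITEMS = [
    {"title": "Example Bank", "location": "https://bank.example.com/login",
     "username": "alice", "password": "hunter2"},
    {"title": "Example Mail", "location": "https://mail.example.org/",
     "username": "alice@example.org", "password": "correcthorsebatterystaple"},
]


def derive_keys(master: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys from the master password.
    Iteration count is deliberately low so the demo runs fast (assumption)."""
    km = hashlib.pbkdf2_hmac("sha256", master, salt, 10_000, dklen=64)
    return km[:32], km[32:]


def _keystream(k_enc: bytes, nonce: bytes, n: int) -> bytes:
    # PRF in counter mode: block i = HMAC(k_enc, nonce || i). Illustrative only.
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hmac.new(k_enc, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def seal(k_enc: bytes, k_mac: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC; the tag covers nonce and ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def unseal(k_enc: bytes, k_mac: bytes, box: dict) -> bytes:
    """Verify the tag in constant time before decrypting anything."""
    nonce, ct = bytes.fromhex(box["nonce"]), bytes.fromhex(box["ct"])
    expect = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(bytes.fromhex(box["tag"]), expect):
        raise ValueError("authentication failed: wrong key or modified item")
    return bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))


def write_metadata_in_clear(items, k_enc, k_mac) -> Dict[str, str]:
    """Format A (hypothetical layout): title and location are plaintext JSON
    fields next to a sealed blob that holds only the secrets. This is the
    property the thread attributes to the Agile Keychain."""
    files = {}
    for i, it in enumerate(items):
        secret = json.dumps({"username": it["username"], "password": it["password"]})
        files[f"item{i}.json"] = json.dumps({
            "title": it["title"],
            "location": it["location"],
            "encrypted": seal(k_enc, k_mac, secret.encode()),
        })
    return files


def write_all_encrypted(items, k_enc, k_mac) -> Dict[str, str]:
    """Format B: the whole item, metadata included, is sealed."""
    return {f"item{i}.json": json.dumps(seal(k_enc, k_mac, json.dumps(it).encode()))
            for i, it in enumerate(items)}


def grep_vault(files: Dict[str, str], needle: str) -> List[str]:
    """What a plain grep over the synced folder sees: files whose raw text
    contains the needle. No master password involved."""
    return sorted(name for name, body in files.items() if needle in body)


def read_item(files: Dict[str, str], name: str, k_enc: bytes, k_mac: bytes) -> dict:
    """Decrypt one Format B item back to its original dict."""
    return json.loads(unseal(k_enc, k_mac, json.loads(files[name])))


def tamper_is_detected(files: Dict[str, str], k_enc: bytes, k_mac: bytes) -> bool:
    """Flip one ciphertext byte of a Format B item; unseal must refuse it."""
    box = json.loads(files["item0.json"])
    ct = bytearray.fromhex(box["ct"])
    ct[0] ^= 0x01
    box["ct"] = ct.hex()
    try:
        unseal(k_enc, k_mac, box)
    except ValueError:
        return True
    return False


def build_demo(master: bytes = b"correct horse battery staple"):
    """Build both vault flavours from the same items and key.
    Returns (format_a_files, format_b_files, k_enc, k_mac)."""
    k_enc, k_mac = derive_keys(master, salt=b"demo-salt")
    return (write_metadata_in_clear(ITEMS, k_enc, k_mac),
            write_all_encrypted(ITEMS, k_enc, k_mac), k_enc, k_mac)


if __name__ == "__main__":
    a, b, ke, km = build_demo()
    print("format A, grep bank.example.com:", grep_vault(a, "bank.example.com"))
    print("format A, grep hunter2:", grep_vault(a, "hunter2"))
    print("format B, grep bank.example.com:", grep_vault(b, "bank.example.com"))
    print("format B, tamper detected:", tamper_is_detected(b, ke, km))
```

The grep over Format A finds the bank item by domain without any key, which is exactly the bookmark-like exposure described above, while the secrets themselves stay opaque; the same search over Format B finds nothing, and the tag check is what turns a corrupted or altered item into a hard error instead of a quietly wrong decryption. The price of Format B is the one aidos recalls as the original justification: you cannot tell whether a vault has a login for a site without first unlocking it.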
746F7475, over 9 years ago
So the threat is that if someone hacks Dropbox and gains access to your Dropbox they can read which sites you visit?

Wouldn't this be a "self-fixing" problem, if you use 1Password to come up with a secure Dropbox password?

Obviously this isn't an ideal situation, but I see no reason to switch away from 1Password and currently I don't even know where I would go from 1Password. I jumped from LastPass to 1Password since I want to have access to my passwords on mobile devices without paying a yearly fee, and now that LastPass has been acquired by LogMeIn I'm in no hurry to jump back. And I don't know if open-source managers like KeePass have mobile support.
keeper, over 9 years ago
This is why Keeper uses zero-knowledge encryption. Our CTO, Craig Lurey, wrote more about data leakage here: https://blog.keepersecurity.com/tech/2015/10/23/dont-be-leaky-password-management-privacy/ We're assisting any adversely affected customers who are interested in migrating to Keeper and offering 50% off worldwide (except 5 countries). Just shoot a note to sales@keepersecurity.com
dombili, over 9 years ago
I noticed the same issue a while back, but I didn't make a big deal out of it thinking I had no other choice. Good to know they have another format that limits the leak of metadata. Thanks for the post.
rdl, over 9 years ago
Ouch. 1Password is probably the best usable password manager today; they can do better in a few areas, including this. Another area would be putting blessing/device keys on each device on top of a password, because I don't trust a passphrase alone, and many platforms are getting trusted computing features -- you have a slow process to put a device key on each thing, which is then entangled with your passphrase to decrypt. You could even do a hw token, too. Another area they could improve is network sync -- I don't trust iCloud or Dropbox, and wifi sync is a pain, so supporting WebDAV or some other open format they could develop would be a lot better.

Long tangential digression:

My personal design goal is to maximize the number of distinct entities which have to collude to cause me serious harm.

Pure online SaaS is often very bad. There are cases where the risk is acceptable, but "here, maintain a password list" is not one of them. The "shared Google sheet full of passwords" is a great example of this. Evernote is another example. I avoid these wherever possible.

Systems like LastPass where the binary is distributed by an entity every time I use it, and then talks to that same entity for the backend, are better, but still bad. Hushmail was the canonical honeypot of this type -- download a Java applet after logging in...

A long-lived binary (standard client software) talking to servers operated by that entity is better. Swapping the binary out is more detectable, and harder to do for a single user. iOS apps are probably the best for this right now, since Apple is sort of a semi-trusted intermediary here. You'd at least have a shot of catching the compromise after the fact.

Client software which talks to servers run by separate third parties is better, e.g. 1P using iCloud/Dropbox. It is better as the set of third parties is bigger and more diverse.

The ideal is being able to run client/server on your own platforms. Being able to run a cloud storage service (e.g. AeroFS) entirely on your own private network is ideal.

Open source on top of this is great, but in reality independence of operating the services is worth more. An open standard with multiple implementations, many of which are open source, would be meaningful, but merely publishing source code isn't as meaningful, at least without verifiable/repeatable builds and a good runtime level matching.
dantiberian, over 9 years ago
The part I don't understand about all of this is how this information becomes public when it's stored in Dropbox. My understanding is that unless you create a sharing link for it, it will be privately stored in your Dropbox.
HaloZero, over 9 years ago
It seems content.js, at least for me, is still hashes of passwords and not the passwords themselves; perhaps you need to open the website to have it be decrypted and saved in content.js?
bdcravens, over 9 years ago
The only place I've ever used that was inside of Dropbox's web interface, where I'd have to first be logged in. Is it a common use case where it'd truly be public?
kobayashi, over 9 years ago
Great job finding and writing this. I didn't find your writing to be shit, unlike another user here. I felt it was clear and succinct, without being sensationalist.

Edit: like -> unlike
IBM, over 9 years ago
Does this only happen if you use Dropbox? What if you use iCloud?
pinkano, over 9 years ago
Hmm.. reading all the time about hacks and data leaks from password managers. Never heard of one while using Sticky Password. Hope they won't get hacked.
grey-area, over 9 years ago
For those using 1Password, this isn't as bad as the headline implies.

1. This doesn't apply to local data

2. This applies to metadata, rather than passwords

3. This only applies to an old vault format changed in 2012, used for syncing via external servers [edit: specifically Dropbox or folder sync, still in use for that it seems]

So 1Password leaks your metadata if you use the old vault format from 2012 and upload your passwords to a public service (or share them some other way), but that's perhaps not such an Upworthy headline.

Personally I would use local wifi sync and keep your data local, whatever password manager you're using.
therealmarv, over 9 years ago
Does somebody know if Chrome sync with a passphrase also encrypts the URL? I'm not 100% sure... this is why I'm asking.
balu_, over 9 years ago
Another reason why it's sad that AgileBits does support Dropbox but not WebDAV or any other self-hosted sync option.
kobayashi, over 9 years ago
Do we need to be concerned about previous .1p4_zip backup files? I just changed to the .OPVault file format.
tesmar2, over 9 years ago
Anyone here use Enpass? What is your experience?
bunnybender, over 9 years ago
"1Password Leaks Your Data was published on October 22, 2015 by Dale Myers."

Yet more proof of time travellers..