
That MAY be the case (I'd love for a number of independent parties auditing the security, NOT paid for by AgileBits), but it's still a single point of failure. What if they have data loss? What if that data loss causes local data to be lost due to a sync operation?

I've always used the Dropbox approach + backups. If Dropbox has an outage the file is still synced locally. If Dropbox deletes the file via a sync operation I still have my backups. If I delete the files Dropbox has an undelete option.

All I want is control over the files.




It also changes the risk profile. AgileBits is a big target, my local machines are not.

Ben from 1Password here. We've designed the model so that we aren't a big target. The Secret Key helps with that. https://support.1password.com/secret-key-security/

That's a strange statement, you're a big target because you're holding lots of people's secret data. Doesn't matter how you model it, unless your model is to have minimal data/clients.

Minimal data of value, yes. Did you read about the Secret Key?

Ben, everyone here understands the model. It isn't sophisticated and it isn't particularly special. You have a lot of [encrypted] sensitive data. On your network. On servers you own. You are a target. Once the bad guys get the data, they'll worry about the individual keys and whom they want to target.

I'm one of the many people who are both dropping 1P and advising friends and family to do the same as a result of this episode.


Yes, I read about the secret key, before I became a customer of 1Password. Your response concerns me. I understand you're encrypting the data, and have put in great effort to do so. This doesn't prevent your servers being a target for all sorts of other exploits, hacking of your webservers injecting back doors etc. The fact you have a lot of clients with secret data makes you a target.

> still a single point of failure. What if they have data loss? What if that data loss causes local data to be lost due to a sync operation?

Local data should be backed up as always, don’t rely on a cloud service to sync.

Personally I use two hard drives on my machine with time machine and regularly rotate them to ensure I have a recent backup and a less recent, network disconnected backup in case something like this should happen.

