How 1Password touch Syncs Securely

The short answer is that both of our iOS syncing methods are extremely secure. They protect against sniffers and man-in-the-middle attacks as well as protecting your data against someone who gains complete access to you device. These syncing methods can even be safely used for syncing on public unprotected Wi-Fi networks. Your data are never transmitted or stored unencrypted, and any decryption takes place on your own device.

The remainder of this article provides the background needed to understand how this security is achieved. It provides an under-the-hood look at how 1Password manages your data.

Formats and unlocking

1Password on iOS uses a different data format from the data file format used by 1Password for Mac and 1Password for Windows. This allows you to have a different master password on your iOS device from the one on your Mac or PC. When you set up the iPhone application it creates two new encryption keys for performing AES encryption. One key is used for items protected with the unlock code and the other key is used for items protected by the master password. In addition to allowing for master passwords that are easier to type on different devices, the data format used on iOS is more appropriate for an operating system that is not designed for heavy disk activity.

It is important to also understand that even when your data are unlocked, everything remains encrypted except for the particular item you are looking at or using at the moment. It may seem as if all of your 1Password data are open, but unlocked really means that 1Password has access to a key (derived indirectly from your master password) which can be used to decrypt particular elements as they are needed. This way only a minimum amount of confidential information is in memory at any one time, and unencrypted information is never written to disk.

Wi-Fi syncing (Mac only)

1Password on your Mac doesn’t know the master password or unlock code for 1Password on your device, and 1Password on your device doesn’t know the master password on your Mac. In order to engage in Wi-Fi syncing, 1Password on your device and on your Mac need to be unlocked. 1Password on your device and on your Mac securely negotiate a session key that they will use for encrypting the data during this exchange.

When 1Password on your Mac wishes to send something to 1Password on your iOS device it will decrypt the information it has in your data on your Mac then re-encrypt that using the session key. 1Password on your iPhone, iPad or iPod touch will decrypt that information with the session key and then re-encrypt it for the database on your device.

The authorization (secret words) used when you first established Wi-Fi syncing to your Mac allowed your device and 1Password on the Mac to securely set up keys that they can use to identify each other. This ensures that you only sync between the systems that you have authorized for syncing.

Dropbox syncing (Mac and PC)

Wi-Fi syncing, although perfectly secure, has a number of other limitations which have been overcome by using Dropbox. As with Wi-Fi syncing, 1Password needs to convert back and forth between the data format used on iOS and the data format used by 1Password for Mac or 1Password for Windows and stored on Dropbox. But unlike with Wi-Fi syncing, all of the components of the conversion, with its decryption and re-encryption, are performed on your device.

When 1Password on your device detects that there is a newer item on Dropbox, it will fetch that encrypted item from the Dropbox server. It will then use the master password for your Mac or PC to decrypt the item, and it will then immediately re-encrypt that for your database on your device. The same thing happens with a change made on your device. 1Password on your device will decrypt the item using your master password for your device and will immediately re-encrypt it for storage on the Dropbox servers. The item with the encrypted data will then be transmitted to Dropbox. Dropbox will never have access to your unencrypted data. In addition to this, all communication between Dropbox and your computers and devices is very well encrypted using SSL. We have another document dedicated to the security of storing your 1Password in the cloud.

Keeping secrets for Automatic syncing

For 1Password to synchronize with Dropbox automatically, it will need access to the following three secrets:

1. Your Dropbox credentials (email address and Dropbox password)
2. Your master password for 1Password on your iOS device.
3. Your master password for your data as stored on Dropbox.

Although it may appear insecure to store these secrets on your device for automatic syncing, it is actually far more secure than it initially looks. These three secrets are stored in an iOS keychain. This is a brilliant and beautiful security tool built into all iOS devices. When a program, such as 1Password, puts something into an iOS keychain the data are, of course automatically encrypted. But there is much more to it than that.

For an item in an iOS keychain to be decrypted three things are needed:

1. The device must be unlocked.
2. The request must come from the app that put the item there in the first place. Each app on your device has a digital signature, and it is impossible for something other than the 1Password app itself to get into its keychain.
3. The decryption needs to use the unique hardware key built into each and every Apple iOS device. That means that even if someone were able to copy all the data from your device to a system that they completely control, they would not be able to gain access to your keychain.

We take the additional precaution of making sure that even those encrypted credentials are never stored in (encrypted) backups in iTunes. This means that even if someone could break the security of the backup, there is no opportunity for anyone to launch an “off line” attack against these data in the iOS keychain.

With all of these measures built into the iOS keychains, granting the 1Password app access to the information it needs to sync adds no meaningful security risk.

If you prefer to not sync automatically, you need not store any of this information in the iOS keychain. To manually sync with Dropbox you will need to provide the necessary information at each sync. To do so, just perform a sync and afterwards go to Settings > Sync > Dropbox > Account and tap the Reset button.

There have been some high profile claims of the ability to break into iOS keychain information through iTunes’ backups. This does not affect 1Password in any way as we do not allow items in the iOS keychain to be included in backups. We provide some information about this in our iOS Security Details document.