Dropbox Tip: 1Password Sync

I’m a great fan of both 1Password and Dropbox, so what’s better than combining the goodness of both?

If you have multiple computers running 1Password, you’ll love how easy it is to set up password syncing using Dropbox. The 1Password team recommends Dropbox over MobileMe or iDisk, so I decided to follow their lead.

As an extra feature, you’ll even get “1PasswordAnywhere”…

Setting up 1Password Sync

Setting up 1Password sync on Dropbox was easy:

  1. Create a folder “1Password” in your Dropbox
  2. Open 1Password Preferences, select the General panel
  3. Click the “Move…” button to move your keychain to the 1Password folder you just created

On your other computers, use the “Choose Another…” button instead.

Note: you need to be using the “Agile Keychain” format. This has been the default since 1Password version 3.

Security aspects

Security-wise, there are some implications. While your Agile Keychain is encrypted using 256-bit AES, an attacker could theoretically gain access to your Dropbox drive and copy the keychain for brute-force cracking.

I believe this risk to be very low, especially if you choose a strong Master Password for your 1Password keychain. There is a very nice explanation of the security implications on the 1Password forum.

1PasswordAnywhere

One of the lesser-known features in 1Password is “1PasswordAnywhere“. Once your 1Password keychain is on Dropbox, you can securely access your passwords from anywhere using a web browser!

This is also a nice way to access your 1Password data from your Windows PC.

  1. Open your web browser, go to https://www.dropbox.com/
  2. Log in to your Dropbox, navigate to the 1Password folder
  3. Click to open the “1Password.agilekeychain” folder
  4. Click on “1Password.html” and enter your Master Password

Security aspects

Any access to private information from an untrusted computer (say, an Internet cafe) is susceptible to attack from keyloggers and other threats. This holds for Internet banking as well as 1PasswordAnywhere.

There is no 100% security, not even on your own computer, but you can take some steps to minimize the risk.

  • You could use a Live CD or Live USB-drive to boot a trusted operating system.
    This protects you from most attacks (except hardware keyloggers, for example).
  • Another alternative would be to use the 1Password app for your iPhone or iPad.

1PasswordAnywhere is a convenient feature, but use your own good judgement to determine if you can trust the computer you’re working on.

Conclusion

I’ve been using Dropbox for 1Password Sync for several months now. It has proven to be a very reliable setup, and I recommend it highly.

It continues to work even if the Internet connection is unavailable, thanks to the Dropbox local caching mechanism. Updates are synced to your Dropbox as soon as the Internet connection is re-established.

  • 1PasswordAnywhere is a great feature, but it should be used only from computers that you can trust.
    I prefer to use the 1Password App if possible.
  • 1Password Sync with Dropbox offers an easy and secure way to back up and sync your data across multiple Macs.