Security and privacy

How 1Password protects your data when you use a sync service

Learn how 1Password secures your information whether it’s synced with a 1Password account, Dropbox, iCloud, or the WLAN server.

Protected by the 1Password security model, no matter what

1Password automatically secures your data regardless of how you sync it across devices. These are some of the steps 1Password takes to keep your private information safe, whether it’s stored on just one device or synced to many:

  • Encrypting your data with 256-bit AES. Your 1Password data is kept safe by the industry-standard 256-bit AES encryption algorithm. This makes it all but impossible for someone to decrypt the data you entrust to 1Password.

  • Defending against crackers with PBKDF2. 1Password uses PBKDF2 to make it harder to use a cracking tool, which is designed to learn passwords by making a bunch of guesses in rapid succession, to defeat your Master Password’s security.

  • Keeping your Master Password separate. Your Master Password isn’t stored alongside your 1Password data, or anywhere at all. This is a bit like making sure the key to a safe isn’t kept right next to it: Keeping them separate makes everything more secure.

  • Making your data available even when you’re offline. 1Password stores your data on your devices, so your logins, notes, and other information can be accessed even if you aren’t connected to the Internet. This means you aren’t dependent on access to your sync provider; your data will always be available when you need it.

Syncing your data makes it more secure

Sync is the safest way to ensure that your data is available when you need it. It’s more secure to have 1Password on multiple devices and to keep those devices in sync than it is to share information using texts, emails, or unencrypted files. Sync also makes it easier to recover your data if something happens to a device.

No matter how you sync, 1Password takes precautions to protect your data:

  • Encrypting your data at rest. Your 1Password data is always stored encrypted, so no matter how you choose to sync, your data can’t be read by anyone on the other end.

  • Encrypting your data during transit. Your 1Password data stays encrypted while it’s being uploaded or downloaded, so it’s always protected while it travels between devices.

  • Decrypting your data on your device. Your 1Password data is only ever decrypted on your device, which means you are the only one who can see it.

1Password doesn’t restrict you to just one sync method. You can always choose how you want to sync your data, and if you change your mind after you’ve set up a sync service, you have the flexibility to move everything to a different tool.

1Password account: no-fuss security and convenience

If you have a 1Password account, you benefit from features that provide safety, privacy, and convenience:

  • Secret Key. 1Password creates a private, 128-bit Secret Key to encrypt your data. This key never leaves your devices, and it gives your account another line of defense together with your Master Password.

  • Account recovery. Most website have a password reset feature which relies on a master key in the possession of the service provider. Your 1Password account has no such key, so it can only be recovered by people you entrust. They alone can help you regain access if you forget your Master Password or lose your Secret Key.

  • Secure Remote Password (SRP). Most websites send your password to a server when you try to sign in, leaving it vulnerable to interception. Your 1Password account uses the SRP protocol to authenticate your login details without sending your Master Password over the Internet, so it can’t be stolen while it’s in transit.

  • Web access to your 1Password data. 1Password.com uses the latest browser-based cryptography to provide a secure way to access your data from any modern web browser.

  • Everything is handled for you. You don’t have to make any decisions about how your data is synced or secured. Your 1Password account was designed to offer the most protections with the least complexity of any sync option.

iCloud and Dropbox: Secure and customizable services you can trust

If you decide not to create a 1Password account, you can sync your data using iCloud or Dropbox. The encryption algorithms, secure transmissions, and other protections in 1Password keep your data safe no matter how you sync it.

  • Trusted services. 1Password only uses trusted services to sync data between devices. Dropbox and iCloud are large, well-known, and carefully scrutinized by the many people that rely on them to keep their data safe.

  • Open standards. 1Password syncs with iCloud using AgileCloudSDK, an open source API from the creators of 1Password, and uses the public Dropbox API to sync with Dropbox. By following standards and using open source tools, 1Password lets anyone find out exactly what’s happening when their data is being synced.

  • Additional security features. Both services offer features like two-factor authentication and easy access from any device, which means your data is protected by every tool you’ve decided to sync it with.

WLAN server: For when a sync service isn’t an option

If you can’t sync with a hosted service, whether it’s because of corporate policies or limited Internet availability, you can use the WLAN server over a local wireless network to sync 1Password.

  • Secret codes for adding devices. 1Password generates a secret code when you set up the WLAN server, so only devices in your possession can attempt to connect.

  • Local network availability. Your data never leaves your local wireless network.

Choosing the sync method that’s right for you

You’ve seen how 1Password protects your data regardless of how you choose to sync it across multiple devices. Now that you know your information is safe no matter what, this chart can help you decide which sync option is right for you.

Feature / Service 1Password account iCloud or Dropbox WLAN server
Encrypted in transit
Encrypted on device
Available offline
Available on multiple devices
Multi-factor authentication available
Available on the web
Account Recovery
Secure Remote Password
Secret Key
Local network

Learn more

Published: