Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Feature request: encrypted 1pex
Hi,
I would like to have an option to export my 1Password data in an encrypted 1pex file, like I did with Dashlane.
6 Replies
- 1P_Dave
Moderator
Hello gusifang​! 👋
Welcome to 1Password! If you're using a 1Password account then there is no need to backup your vault since your data is already backed up to your 1Password account in the cloud. If you accidentally delete an item you can always restore it from your 1Password account on 1Password.com: View and restore previous versions of items
Your encrypted data is replicated to redundant copies on our end to guard against any data loss.
Is there a particular reason you’d like to export your items? When you export items, a copy of that data exists outside of 1Password’s protected environment. While your account will still have access to security features like device alerts, two-factor authentication, and more, those protections won’t apply to the exported file.
-Dave
Apologies for hijacking your reply 1P_Dave​ but redundancy is no protection against data corruption. So relying on any sort of export is highly beneficial. As both gusifang​ and Pleonasm​ indicate there is a need for thorough security.
Kudo's on AgileBits/1Password though for allowing unrestricted export but I think gusifang​ meant it the right way that if some unbeware use is exporting unencrypted data, it might leave residue on the storage media. Independent of whatever you are exporting, that should be a no-go (hence encrypted tmpfs or compatible would be ideal). So it's very good that 1Password doesn't lock users in when exporting data in some proprietary format, but I'd suggest refraining from stating that the cloud-based solution solves everything :)
There are benefits to keeping it inside 1password and I do believe we all understand the pro's (far outweighing the cons) for watchtower, change history and whatnot. There is a proper security sense in having a (self-decided encryption mechanism) to at least store a point in time copy of one's data 'somewhere else'. It would be a lot of eggs in the same basket if someone drops that basket. I doubt I need to insert examples here, we all know them by heart.
It might be worth a blog to have a nice 'how-to' on your support website?
Thanks for your reply. That's what I'm currently doing as a fallback (with Kleopatra). But I find it inferior to Dashlane's encrypted export, because:
- the unencrypted file is temporarily stored, and thus vulnerable to being involontarily copied somewhere it shouldn't be or PC theft,
- although I can use a safe delete tool, it adds an additional step and it's not very effective on a SSD anyway.
Great suggestion, solid advice and solution!
Why wouldn't you leverage https://support.1password.com/1pux-format/ and choose your own encryption/obfuscation/whatever so it wouldn't even matter which tool you use in any potential future? Just for inspiration https://github.com/UtrechtUniversity/privacy-engineering-tools/blob/main/secure-computing/encryption-tools.md lists a lot of potential candidates? And you wouldn't have any vendor or future app upgrade lock-in issue?
