1Password touch, encryption, and iPhone

1Pt_icon_128As you may have heard by now, the new iPhone 3GS features hardware encryption for protecting data on the device. Apple is touting this feature as part of a new Enterprise-ready push for the device.

As you may also have heard from this Wired story, an iPhone developer, hacker, and professor named Jonathan Zdziarski called this encryption “useless” for businesses. Zdziarski says that Apple’s decision to store the encryption key on the device alongside the very data it is protecting is “like storing all your secret messages right next to the secret decoder ring.”

Understandably, we have received a few support requests about what this means to 1Password and the security of our customer’s data. Fortunately, it doesn’t mean much of anything.

Let me explain.

1Password for iPhone and iPod touch (and Mac, for that matter) encrypts all of your information with your Master Password. We use secure, 128-bit AES encryption (outlined in greater detail in this support document) to protect your 1Password database. While we do use the standard, hardware-accelerated encryption frameworks included in the iPhone OS, your Master Password is never stored on the device alongside your data.

In other words, if a thief were to steal your iPhone and use the tools outlined in Wired’s article to copy everything off of it, your 1Password information would still be safe; as long as you don’t commit a security faux pas and use a very short and simple Master Password like “b0b”. The Master Password is (ideally) stored only in your head, locked away from inquiring thieves – just like your 1Password data.

David Chartier
Chief Media Producer, Agile Web Solutions