OAuth, Dropbox, and your 1Password data

A number of iOS apps, including 1Password, have a security problem in how they handle OAuth tokens. 1Password 3.6.5, which was submitted to Apple several days ago, fixes this. This will be a free update for all owners of 1Password for iPhone, 1Password for iPad, and 1Password Pro (for iPhone and iPad). We can’t predict how long Apple’s approval process will take, but the update should be available soon, if it isn’t already by the time you read this.

Because of this bug, someone who gains physical access to your device may be able to copy authentication tokens off of it, then install those tokens on their own device to access your Dropbox data. It is not entirely clear at the moment under what circumstances an attacker will also need the device passcode. It appears that if the device has previously been synced with the computer, the passcode isn’t required. In any case, it is important to protect your iPhone, iPad, or iPod touch with a good passcode.

We have been extremely careful in how we store your Dropbox username and password for automatic syncing, but like many others, we didn’t take the appropriate precautions when it came to OAuth tokens. These tokens allow quick connection to Dropbox (Facebook and other services also use OAuth). Of course, any 1Password data that an attacker fetches from your Dropbox account is still encrypted by 1Password.

In 1Password 3.6.5, which we submitted to Apple at the beginning of the week, we store OAuth tokens securely in the iOS keychain, where they are properly encrypted and cannot be copied to other devices. However, if other apps that use Dropbox have the same problem (and it looks pretty common), then OAuth tokens can be copied from those apps as well.

The OAuth problem

The problem of how OAuth tokens are stored was first discussed Tuesday (April 3) by Gareth Wright reporting on the Facebook iOS app. Since then, it became clear that the Dropbox app itself has the same problem. Presumably there are many other apps that connect to services like Facebook or Dropbox that are unfortunately in the same boat.

Dropbox have told The Next Web that:

[Our] Android app is not impacted because it stores access tokens in a protected location. We are currently updating our iOS app to do the same.

Facebook’s initial statements have been less clear, but no doubt they will be submitting a fix soon.

For one of the best discussions of this whole thing, please see the report and analysis by The Next Web.

What this means for you and your 1Password data

This design problem, both in versions of 1Password prior to 3.6.5 and in other apps, means that it is easier for an attacker to get hold of and manipulate your 1Password data stored on Dropbox than we had anticipated. I used to say that it was far more likely that someone could get hold of your 1Password data by stealing your Desktop computer than by getting it off of Dropbox. I certainly have to revise that assessment.

The good news is that your usernames and passwords (along with notes and attachments) are well encrypted. Even if someone gains full control of your Dropbox account they will not be able to get at the secrets encrypted in your 1Password data. We have also been busily working on an updated version of our data format that is even better suited for life in the cloud.

You can also manage which devices are allowed to connect to Dropbox. That is, you can instruct Dropbox to reject certain OAuth tokens and also view the last few times each authorized device has connected.

To manage your Dropbox devices, log in to your Dropbox account with a web browser, and under your account name, go to Settings and then “My Computers”. If you suspect that an OAuth token has been stolen, you can unlink the computer or device. After that you will need to relink the computer or device to your Dropbox account using your Dropbox username and password.

Alternatives to Dropbox

Every time there is a security issue with Dropbox, people rightfully suggest that we offer alternative syncing mechanisms. At this point, there is nothing that I’m in a position to say beyond what we’ve said earlier in “Dropbox Terms“. There are developments, but nothing I am even willing to hint at just yet.

More security changes to come in 3.6.5

The changes coming in 3.6.5 are all about security and bug fixes. Please see “1Password 3.6.5 for iOS is out with PBKDF2 goodness!” for details.

Appendix: When is a passcode required for this attack?

When an iOS device is connected to a computer that it hasn’t connected to previously, the user will be prompted to enter the passcode on the iOS device. After that first connection, the computer will store some keys that will allow it to unlock the iOS device for future connections.

So once you have unlocked your iPhone for a particular computer, when you plug it in later, you do not need to unlock it for the file system on the device to be visible to tools like iExplorer. This is presumably why initial reports of this issue claimed that no device passcode was necessary to extract the files containing the OAuth tokens.

There is, unfortunately, one further complication. iTunes will automatically unlock the device for any user account on the same computer that the device has previously been unlocked on. That is, if Alice and Bob both have user accounts on the same Mac, and Alice has at one point entered her passcode on her iPad to allow syncing, then Bob will be able to gain access to most of Alice’s iPad simply by using iTunes in his account on the Mac. What is worse is that Bob’s account on the computer can also be a guest account, and he will still have access.

All of the testing I have done has been with iTunes 10.6.1 on Mac OS X 10.7.3 (Lion). I have not tested this with iTunes on Microsoft operating systems.

What is worrisome here is that exactly the same people (co-workers, family members) who have the easiest access to your iOS devices are very likely to have some account on the same computer that you have used.

Still, passcodes do matter so please remember that a good device passcode is a good idea.

Data protection classes

As of 1Password 3.6.5 we put the OAuth information into the iOS keychain using a “ThisDeviceOnly” accessibility class (for example kSecAttrAccessibleWhenUnlockedThisDeviceOnly), which will not allow the OAuth token to be copied from the device unencrypted. There is a bit of terminological muddle here. The “ThisDeviceOnly” suffix on a keychain accessibility class means the item is wrapped with a key tied to this particular device, so it cannot be restored to a different one; the “WhenUnlocked” part only says when the item is readable at all. Files use a separate set of data protection classes, such as NSFileProtectionComplete, which control when a file can be read (only while the device is unlocked) rather than whether it can migrate to another device. I prefer the term “non-migratable” for the property that matters here, and it is the keychain class that gives it to us.

The application property list files (plists) contain app preference settings, and these plists do not have the non-migratable restriction on them; they are fully accessible once the device has been unlocked. Note that data with the non-migratable restriction cannot be restored from an iTunes or iCloud backup to a different device. So if you replace your iPhone or iPad, you will need to re-enter your Dropbox credentials to reestablish automatic syncing.
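If you develop an iOS app yourself, the practical check is to look at what ends up in your app’s preference plists once the sandbox is copied off an unlocked device. The following Python is an added example, not 1Password’s code and not from the original post: it walks an extracted sandbox (or an iTunes backup folder), parses every XML or binary plist with the standard library, and flags entries whose key name or value shape suggests a bearer credential. The key-name patterns are a heuristic assumed for the example, and the sample plists it writes to a temporary directory are constructed here rather than taken from any real app.

```python
import os
import plistlib
import re
import tempfile

# Key names that commonly hold bearer credentials. This is a heuristic assumed
# for the example; an app can name its preference keys anything it likes.
SUSPECT_KEY = re.compile(r"oauth|token|secret|session|credential", re.IGNORECASE)
# Opaque tokens are usually one long run of base64/URL-safe characters. Real
# preferences (URLs, dates, colour names) contain other characters or are short.
TOKEN_SHAPE = re.compile(r"^[A-Za-z0-9_\-=+/]{16,}$")


def find_suspect_values(obj, path=""):
    """Walk a parsed plist (dicts, lists, scalars); yield (path, reason, value)."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from find_suspect_values(value, f"{path}/{key}")
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from find_suspect_values(value, f"{path}[{i}]")
    elif isinstance(obj, (str, bytes)):
        key = path.rsplit("/", 1)[-1]
        shown = obj if isinstance(obj, str) else obj.hex()
        if SUSPECT_KEY.search(key):
            yield (path, "suspicious key name", shown)
        elif isinstance(obj, str) and TOKEN_SHAPE.match(obj):
            yield (path, "token-shaped value", shown)


def scan_plists(root):
    """Return (file, reason, detail) for every .plist under root."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            if not name.endswith(".plist"):
                continue
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    data = plistlib.load(fh)  # reads XML and binary plists alike
            except (OSError, plistlib.InvalidFileException) as exc:
                findings.append((full, "unparseable", str(exc)))
                continue
            for path, reason, value in find_suspect_values(data):
                findings.append((full, reason, f"{path} = {value}"))
    return findings


def build_sample_sandbox():
    """Write a constructed app sandbox with two preference plists and return its root.
    Every key and value below is made up for this example."""
    root = tempfile.mkdtemp(prefix="sandbox-")
    prefs = os.path.join(root, "Library", "Preferences")
    docs = os.path.join(root, "Documents")
    os.makedirs(prefs)
    os.makedirs(docs)
    # Binary plist, as NSUserDefaults writes it: two bearer tokens next to harmless settings.
    with open(os.path.join(prefs, "com.example.app.plist"), "wb") as fh:
        plistlib.dump({
            "DropboxOAuthToken": "k3p1z2q9m8n7b6v5c4x3",
            "DropboxOAuthTokenSecret": "a1b2c3d4e5f6g7h8i9j0",
            "ThemeName": "Blue",
            "LastSyncDate": "2012-04-05",
        }, fh, fmt=plistlib.FMT_BINARY)
    # XML plist: a token under an innocuous key name, caught by its shape alone.
    with open(os.path.join(docs, "Settings.plist"), "wb") as fh:
        plistlib.dump({
            "APIBaseURL": "https://api.dropbox.com/1/",
            "Accounts": [{"Display": "Alice", "opaque": "QXV0aGVudGljYXRpb24gdG9rZW4="}],
        }, fh, fmt=plistlib.FMT_XML)
    return root


if __name__ == "__main__":
    for file, reason, detail in scan_plists(build_sample_sandbox()):
        print(f"{reason:22s} {file}: {detail}")
```

Point it at the root of a sandbox copied with a tool such as iExplorer, or at an unencrypted iTunes backup after the files have been restored to their original names; anything it reports under Library/Preferences is readable by exactly the paired-computer attack described in the appendix and belongs in the keychain instead.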

Please join the discussion of this on our forums.

Strong Security Requires Strong Passwords

Elcomsoft just published a very informative review of the state of the mobile password manager landscape. They investigated the defences applications provide and how long it would take to discover someone’s Master Password. They found that if, on iPhone or iPad, your 1Password Master Password was 12 digits long and contained only numbers, then it could be found in one day, assuming the attacker got hold of your device or a copy of your data file.

Note that this discovery time is for passwords that only use digits. As Dmitry and Andrey pointed out, this would be equivalent to a 6 character password (lowercase and uppercase characters, digits, as well as symbols):

To quickly convert this value to a comparable length of a password composed of random ASCII characters one can simply divide the former number by two (since the number of ASCII characters is 95 ≈ 10^2).

The main reason the password can be determined so quickly is because 6 characters provide relatively few possible password combinations. To put this into perspective, here’s how the password length affects the discovery time:

Password length   Possible combinations   Discovery time
6                 95^6                    1 day
7                 95^7                    3 months
8                 95^8                    24 years
9                 95^9                    2,348 years
10                95^10                   223,152 years
11                95^11                   21 million years
12                95^12                   20 million centuries
13                95^13                   2 billion centuries (42 times the age of the Earth)

The discovery times are extrapolated from the numbers provided by Dmitry and Andrey in Table 2: Password recovery speeds and recoverable password lengths.

As you can see, it would take quite a while to discover a ten character password. Personally, I use a 13 character password as I have a lot of very sensitive data within 1Password and I want to ensure it remains safe, even if my iPhone was lost. It would take an attacker a very long time to iterate through all the possible combinations, and that is why the discovery time is so inconceivably huge.

With that said, as Dmitry and Andrey point out, 1Password could do more to slow the password discovery process, thereby making it take even longer. For example, on the desktop (both Windows and Mac), 1Password uses PBKDF2 to significantly slow down attackers. Currently this is not available on iOS as we needed to support older devices. The next major release of 1Password will only support iOS 5 and at that time we will be incorporating these additional defences.
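The table above is just one figure, the one-day six-character row, multiplied by 95 for every extra character, and the PBKDF2 change is the same arithmetic with a work factor on each guess. The Python below is an added example (mine, not Elcomsoft’s tooling and not 1Password’s code) that reproduces the table from that single assumption, applies Dmitry and Andrey’s “divide by two” conversion for digits-only passwords, and derives a key with PBKDF2 so the cost knob is visible. The guess rate is an assumption chosen so that the six-character row takes exactly one day, and the 10,000-iteration count in the usage section is illustrative, not 1Password’s setting.

```python
import hashlib
import math

PRINTABLE_ASCII = 95   # the alphabet Elcomsoft's table assumes
DIGITS = 10
SECONDS_PER_DAY = 86400
DAYS_PER_YEAR = 365    # the table's years are 365-day years (2,348 for 95**3 days)

# Assumed guess rate: whatever rate exhausts the 95**6 six-character space in
# exactly one day, i.e. the first row of the table. Every other row follows from
# this one figure, because each extra character multiplies the work by 95.
GUESSES_PER_SECOND = PRINTABLE_ASCII ** 6 / SECONDS_PER_DAY


def search_space(length, alphabet_size=PRINTABLE_ASCII):
    """Number of candidate passwords of the given length over the alphabet."""
    return alphabet_size ** length


def days_to_exhaust(length, alphabet_size=PRINTABLE_ASCII,
                    guesses_per_second=GUESSES_PER_SECOND, kdf_iterations=1):
    """Days to try every candidate. Each guess costs kdf_iterations hash
    computations, so a PBKDF2 work factor of N divides the effective rate by N."""
    seconds = search_space(length, alphabet_size) * kdf_iterations / guesses_per_second
    return seconds / SECONDS_PER_DAY


def equivalent_ascii_length(length, alphabet_size):
    """Length of a random printable-ASCII password with the same search space.
    For digits this is length * log(10) / log(95), roughly length / 2: the
    'divide by two' rule of thumb quoted above."""
    return length * math.log(alphabet_size) / math.log(PRINTABLE_ASCII)


def discovery_table(lengths):
    """Reproduce the table's discovery-time column, in years, for each length."""
    return {n: days_to_exhaust(n) / DAYS_PER_YEAR for n in lengths}


def derive_key(password, salt, iterations, length=20):
    """PBKDF2-HMAC-SHA1 (RFC 2898); the iteration count is the tunable cost."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, length)


if __name__ == "__main__":
    for n, years in discovery_table(range(6, 14)).items():
        print(f"{n:2d} chars: {search_space(n):.3g} candidates, {years:,.0f} years")
    print("12 digits ~ %.1f printable-ASCII chars" % equivalent_ascii_length(12, DIGITS))
    # Same 8-character space, but with an illustrative 10,000 PBKDF2 iterations per guess:
    print("8 chars at 10,000 iterations: %.0f years"
          % (days_to_exhaust(8, kdf_iterations=10_000) / DAYS_PER_YEAR))
    print(derive_key(b"password", b"salt", 4096).hex())
```

The last line prints the RFC 6070 test vector for PBKDF2-HMAC-SHA1 with 4096 iterations, which is a quick way to confirm an implementation before trusting it; the 10,000-iteration row shows that the work factor buys roughly the same as two extra random characters without the user having to remember anything new.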

You may be wondering why we think strengthening is required; after all, even a 10 character password would require hundreds of thousands of years to crack. The reason is threefold:

  1. Some users are using shorter passwords and we want to provide them as much protection as possible.
  2. All these numbers are based on the same hardware described by Dmitry and Andrey. Depending on the attacker’s resources, more powerful machines could be available.
  3. As time goes on, machines will continue to get faster.

To help guard against faster hardware and to strengthen shorter passwords, we are planning to update 1Password’s defences with several significant changes:

  1. 1Password 4 for iPhone will no longer allow items to be protected by just the PIN code. The PIN code was meant for less sensitive items and we always expected the Master Password protection to be enabled on important items. To simplify things, all items will be protected with the Master Password, just like on iPad, Mac, and Windows.
  2. In 1Password 4, we will be switching from 128 bit AES encryption keys to 256 bit.
  3. In 1Password 3 for iPad and iPhone, the password verification process will be significantly slowed down. Specifically, PBKDF2 will be added to iOS to match the Desktop versions. We will also remove the PKCS#7 padding mentioned by Dmitry and Andrey so attackers will be forced to perform two AES decryptions instead of just one.

Updates for 1Password 3 will be submitted to Apple within the next few weeks. Work on 1Password 4 is ongoing and it will be published later this year.

In sum, it is great that Elcomsoft took the time to analyse mobile password managers and draw attention to how critical password length is when protecting your data, and to how easy it is to “pick” a 4 digit PIN code. It’s important that everyone knows this.

What you can do today to ensure your data is protected is the same thing we have recommended all this time: use a Master Password on iPhone and iPad that is long enough to provide adequate protection for your needs. You can refer to the table above to determine the length of password that makes you feel most comfortable. Also, on iPhone, be sure to go through your items and ensure you have enabled Master Password protection.

For tips on how to pick or update to a good, strong Master Password, see our blog posts like Towards Better Master Passwords and its accompanying Geek Edition.

Lastly, all of the calculations assume the attacker has full access to your data. To protect against this, secure your iOS device with a passcode and if you are still backing up with iTunes, be sure to encrypt your backups.

1Password for iOS gets updated, prepares for the future

Big things are afoot, dear 1Password iPhone and iPad users. While we’re not quite ready to talk specifics just yet, I can talk about the small yet shiny updates we released in the App Store and some of our plans for the future.

The updates

Available now are updates to all three iOS versions of 1Password: for iPhone, for iPad, and the universal Pro version for all devices (they’re all version 3.6.1 for those keeping track at home). They improve Login filling on websites and fix a handful of iOS 5 bugs like the Login popover, a crasher on iOS 3.1, and an unresponsive search box.

The future

Speaking of iOS 3.1, though, we want to get the word out that this is the last update to support iOS 3 and iOS 4. If you can’t upgrade to iOS 5 for whatever reason, I recommend downloading these version 3.6.1 updates, making a backup copy on your Mac or PC for safe keeping, and simply not opting to update 1Password for iOS until you can upgrade to iOS 5. For a quick way to get a copy of the 1Password for iOS app file (note: this does not backup your actual data. See this guide for that), you can:

  • Select your copy of 1Password in iTunes, from the Apps section in your Library (pictured below)
  • Go to File > Show in Finder/Explorer. This will open a new file browser window at the folder where iTunes stores copies of your apps, with the file for 1Password for iOS already selected
  • Copy (don’t move!) this file somewhere safe, or ensure that its folder is backed up by whatever backup software or service you use. Also: +50 points to you for using a backup app or service

ITunes Show in Finder

The why

So why are we going all-in with iOS 5 for the next versions of 1Password for iPhone and iPad? Because iOS 5 adoption is off the charts, and it will let us bring you a more secure and reliable 1Password experience, especially when it comes to some key new features. These enhancements are going to require a lot of work, and supporting both iOS 5 and previous versions would mean adding a bunch of extra code on top of that. But as you’ve probably heard before, extra code means more complexity, and complexity is the enemy of creating a rock solid, fantastic experience.

One of the biggest perks of iOS 5 is, of course, iCloud. Apple’s providing developers with a fantastic cloud service that should simplify a lot of challenges when it comes to sync and backup, and we’re all over that. However, iCloud is only compatible with Lion and iOS 5, as well as Windows Vista and 7.

Another major, though more under-the-hood, change in iOS 5 is something called Automatic Reference Counting. Long story short, this new tech in iOS 5 simplifies a lot of tough problems for developers when it comes to managing memory and making sure apps perform well and don’t crash. Again, we’re all over that. In fact, I think you’d be hard pressed to find someone who isn’t.

The ‘stay tuned’

As far as more details about our next major updates to 1Password for iOS, those will have to wait for another blog post. To be the first to know, be sure to subscribe here to our Agile Blog, follow @1Password and @AgileBits on Twitter, and like the 1Password Fan Page!

On 1Password and iCloud

Just in case this is the first blog post you’ve checked since swearing off reading tech news for the past ten months or so: this is a pretty massive week for new Apple goodies (also: thanks for making this the first post you’ve read in almost a year!). Yesterday, Apple released iOS 5 and its many fantastic new features to the world, as well as a bunch of new apps like Find My Friends, AirPort Utility for iOS, and Cards. Tomorrow, the iPhone 4S becomes available, and Apple’s new service that ties it all together—iCloud—offers some great potential to third-party apps like 1Password.


Naturally, we’re getting a lot of questions about whether we will offer iCloud as a sync option in 1Password for Mac, Windows, iPhone, iPad, and Android, either as a replacement or an alternative to our current preferred sync service, Dropbox.

What I can say so far is that we’re just as excited about iCloud as you are, and we’re definitely looking into what it can do for 1Password and you. Fortunately, you can actually enjoy one of iCloud’s perks if you upgraded your iPhone, iPod touch, or iPad to iOS 5 and created an iCloud account: automatic, once-a-day, over-the-air backup and restore of all your iOS app data, which includes 1Password for iOS. Go to Settings > iCloud to learn more and configure.

Without us having to do anything, iOS 5 can at least wirelessly back up your 1Password data, and let you restore that data should you ever need to wipe your device or replace it with a new one. So really, the million dollar question is whether iCloud can function as a great solution for syncing 1Password data between computers and devices.

We don’t want to say anything more about iCloud right now or whether it will turn out to be the great sync solution we know 1Password customers demand. But rest assured, we’re definitely looking into it. As soon as we have more to say, you’ll hear about it here, on our @1Password and @AgileBits accounts, and on our 1Password Facebook page.

1Password in iLounge’s 100 Essential iOS Apps of 2010!

We just got word that 1Password for iPhone and iPod touch made it into the 2011 iPod/iPhone/iPad Buyer’s Guide as one of the 100 essential apps of 2010. In fact, we’re first on the list in the productivity section! You can check out the guide at iLounge and see what other treasures are on the list.

We work hard to make 1Password—and everything we offer—the best it can be, and our users’ feedback makes it all worthwhile. Keep letting us know what you think (and what we can improve) and we’ll keep churning out new features. Thanks to iLounge for making our day!

Updates, Updates, Updates!

In an unprecedented move, Apple approved three updates yesterday: 1Password for iPad 1.2, 1Password for iPhone/iPod touch 3.1.1, and 1Password Pro for iPhone/iPod touch and iPad 3.1.1.

1Password touch updates

Wondering what’s changed? Well, the iPad-specific version has been brought up-to-date with the non-Pro improvements introduced in 1Password Pro 3.1, like a “Show All Login Fields” setting and a reveal/conceal menu option for password fields. There are auto-lock and web view improvements, and that pesky portrait-mode bug[1] has been fixed.

The standard 1Password for iPhone/iPod touch is now version 3.1.1, which matches 1Password Pro’s version. You can now also send us feedback from within the application, instead of having to launch the Mail application first.

A changelog accompanies each update, so if you’re interested in the specifics, be sure to check it out, either in iTunes on your computer or in the App Store app on your touch device.

Haven’t purchased yet? You can find more information about each version in our user guide. When you’re ready, you’ll find the applications—1Password Pro, 1Password for iPad, and 1Password for iPhone/iPod touch—in the iTunes App Store.

[1] The “Go & Fill” arrow was broken in portrait mode. Sorry about that.

1Password for iPad one of Computerworld’s top eight

1Password for iPad

1Password is an extremely useful app for both the Mac and the iPhone, and now it’s available for the iPad too. The iPad version is more like a grownup application…

We’re stoked that Computerworld consider 1Password for iPad one of the device’s top applications. This is going to be a wild, wild ride, and it’s fantastic that you’ve joined us for it!

iPad Feature Sneak Peek

Feature Sneak Peek: A much easier way to browse and login on your iPad

We’re toiling away on updates to 1Password for iPad and 1Password Pro, so we thought we’d show off a little. Obviously, one of the bummers of Mobile Safari is that Apple does not (yet) let developers plug into it. This means that 1Password for iPhone OS cannot integrate with Mobile Safari as tightly as it does with most browsers on your Mac.

But who says you have to browse in Safari?

We’re bringing “Available Logins” to the browser built into 1Password for iPad and 1Password Pro. This means that when holding your iPad in landscape mode, you can open 1Password’s browser, visit a site, then tap the Available Logins menu to see any of your Logins that match the site. Tap one, and 1Password will fill the form and log you in.

Browsing the web and logging into your sites on an iPad, iPhone, or iPod touch cannot get any easier than this. You will be able to enjoy this feature once Apple approves our next updates to 1Password for iPad and 1Password Pro, which we hope to submit in the next day or three.

We're working through some iPad bugs (Updated)

Update: 1Password Pro 3.0 and 1Password for iPad 1.1 are now available in the App Store! See this post about the changes in these two updates, or just visit the App Store in iTunes or on your device to update!

Original post:

Some of our users are reporting bugs in 1Password for iPad, such as problems when syncing with the requisite 1Password for Mac 3.1 update, Go & Fill quirks, and crashes. Now that we actually have iPads on which to test our software (the simulator Apple provides unfortunately isn’t enough), we are squashing these bugs with the determination of an Olympic Games finalist.

We hope to submit a new build to Apple by either today or tomorrow that resolves most of these issues. We’ll keep you posted here and on Twitter.

1Password and iPad Part 3: Return of the Passwords

It’s almost iPad Day, which means you’re probably wondering if 1Password is going to be ready. Fortunately, we submitted our iPad updates to Apple within the deadline. If all goes well, 1Password for iPad should be available for the iPad’s launch!

Recap

If you want to learn more about 1Password for iPad, check out our previous two posts that include a few screenshots. We spent a lot of time thinking about how people will interact with 1Password on the iPad, and we think we have a great experience in store for you.

The money thing

After some lengthy Agile board room meetings, dry erase boards filled to the brim with really, really important diagrams, back-to-back PowerPoint Keynote presentations, and vigorous focus group testing, we decided how 1Password for iPad pricing will work by flipping a coin. Ok, just kidding about the coin thing. And the dry erase boards.

1Password for iPad will cost just $6.99. We built this version specifically for iPad owners who do not plan on owning an iPhone or iPod touch. It has a gorgeous interface that was designed exclusively for the iPad, which you can get an early peek at in our previous iPad posts.

1Password Pro will contain both iPad and iPhone versions for users who own both devices. Once Apple approves the update we submitted along with our iPad-only version, 1Password Pro will sell for $14.99, though this upgrade is free to current owners (right now 1Password Pro is a steal for $8.99!). 1Password Pro already includes some great features over the standard iPhone version, like Folders and support for copying multiple items to Safari. In future updates, 1Password Pro will gain even more exclusive features, such as wireless sync via MobileMe and WebDAV, as well as Favorites for easy access to frequently used items.

1Password standard will sell for $6.99 from now on and will not gain the iPad interface.

Wrapup

So there you have it. 1Password for iPad and 1Password Pro for iPhone+iPad are now in Apple’s hands. We hope to be available in the iPad App Store when it opens Saturday, so be sure to check out 1Password for iPad for all of your password and identity needs!