One of the Best Password Managers Around Is Leaking Metadata

1Password is getting heat for not encrypting metadata.

by Janus Rose
Oct 21 2015, 12:00pm

Photo: Brook Ward/Flickr

Using a password manager is hands-down one of the best and easiest things you can do for your data security hygiene.

The benefits are hard to overstate: By consolidating all your login details into an encrypted keychain protected by a single master password, you can generate strong, unique passwords for every site and app you use without ever having to remember a single one of them. In a world where data breaches seem to occur on a weekly basis, it can mean the difference between a simple account reset and full-scale identity theft.

Among this essential class of software, 1Password has consistently come out on top. It's shockingly usable, doesn't require a proprietary cloud service, and even allows you to auto-fill logins on websites with a single keystroke using browser plugins. The basic 1Password app is free, with the option to upgrade for a range of features including more detailed organization and the ability to easily store things like passport numbers and wireless router profiles. I've been a 1Password user for several years and I'm generally happy with it.

That being said, no security tool is perfect. 1Password—which is developed by Canadian company AgileBits and notably not open source—is no exception.

In a personal blog post published over the weekend, Microsoft software engineer Dale Myerspointed out how a legacy design feature causes 1Password keychain files to leak sensitive metadata, including which sites you visit.

Basically, 1Password keychains (or "vaults," as the company calls them) encrypt all the usernames and passwords you store in them, but not the information about those logins such as URLs and user-assigned labels (like tagging your work email login "work email").

"We didn't want to rush into something that would disrupt people's workflows."

That doesn't mean the actual passwords in your 1Password keychain are compromised, but it does mean 1Password users may be exposing more information than they realize.

"Perhaps I signed up for and this isn't something I want to broadcast," Myers wrote as an example. If an attacker ever discovered where his 1Password keychain file is hosted on Dropbox, they'd be able to look at the file to "find out exactly what shady sites I have accounts on, what software I have licences [sic] for, the bank card and accounts I hold, the titles of any secure notes I have," and any other information that could be gleaned from the keychain's list of logins.

This metadata leakage is possible due to several factors. The first is a feature called 1Password Anywhere, which makes your password keychain usable on any machine via your web browser without having to install the 1Password app as long as you supply the master password. The keychain is stored as a collection of JavaScript files bundled into a single "Agile Keychain" file, which keeps your passwords encrypted, but not the metadata about the accounts you've saved.

The Agile Keychain itself is accessible due to the fact that many users store it on Dropbox to keep their password vault synced across various devices (1Password gives several options for doing this, including a WiFi sync option). This lets you access the keychain from anywhere, but in the process exposes your metadata to anyone who knows where it's stored.

This metadata leakage can be risky in certain cases. For example, Myers explains, 1Password automatically prompts you to save a new item to your keychain whenever a new login is entered in your browser, including the site's URL. That means when you're logging in through a password reset email, the reset URL normally gets saved in your keychain (in unencrypted form), thus making it available to anyone who gets access to your keychain file. Usually those reset links expire immediately after they're used. But sometimes they don't, potentially giving someone with the reset URL a window to change your password.

In a blog post of its own posted Monday night, AgileBits reassured customers by reiterating that no actual passwords are leaking from 1Password keychains. Apparently the metadata issue has been known for some time and is due to legacy design from an earlier version of the 1Password software.

"At this time, 1Password had significantly less processing power to draw from for tasks like decryption, and doing something as simple as a login search would cause massive performance issues and battery drain for our users," the company wrote. "Given the constraints that we faced at the time, we decided not to encrypt item URLs and Titles."

In 2012, AgileBits introduced an improved keychain format called OPVault, which provides authentication and encrypts much more metadata than the Agile Keychain. But the format isn't backwards compatible with older versions and is still only available by default in the most recent Windows beta version. Manually converting over from the old Agile Keychain format also remains a fairly onerous process.

"We decided to take a conservative approach and not automatically migrate everyone over to OPVault because many users depend upon older versions of 1Password and they wouldn't be able to log into their accounts," the company wrote. "We knew we could trust the security of the AgileKeychain to protect confidential user data so we didn't want to rush into something that would disrupt people's workflows."

That's still pretty disappointing considering that 1Password is otherwise one of the best options out there for user-friendly password managers. Your passwords are still safe and an average user should definitely not let this deter them from using a password manager. However if you're really worried about metadata leakage, you'll want to manually switch your keychain to the OPVault format. Or ideally you can limit any future exposure by syncing your keychain using 1Password's WiFi sync or a third party peer-to-peer app like BitTorrent Sync, rather than Dropbox (1Password says iCloud and Wi-Fi use OpVault by default).

AgileBits is promising to switch over to the more secure OPVault format on other platforms "soon," but there's really no telling when that will happen (Especially considering the app still has no Linux support despite years of requests from users.) Until then, for most users, 1Password means accepting a classic tradeoff: risking a bit of privacy for convenience and usability.

Update: This story has been updated to reflect that 1Password says iCloud and Wi-Fi use OpVault by default.