Disable core dumps in Windows
One of the findings of the recent ISE research was that the data from password managers may be compromised through the storage or sending of core dumps.
Other password managers are now implementing this feature in Windows.
I'd like to suggest that 1Password consider adding this.
It seemingly has no downsides and doesn't require the user to jump through hoops by disabling all Windows error reporting.
More information below.
https://sourceforge.net/p/keepass/discussion/329220/thread/d1bff5a460/#47c7
Comments
-
@gazu thanks for the suggestion! In fact disabling Windows Error Reporting for 1Password process is the first thing we do since early 2018.
0 -
Hi gazu,
I want to clarify one thing; while we have opt-out of Windows Error Reporting from the beginning on the main 1Password process and others as Serg said, there is one minor process that hasn't been opt-out yet; 1Password's filling brain process (1Password.brain.exe) that works with the 1Password extensions. This process is terminated automatically after each filling/saving attempt, so its memory would be reclaimed almost instantly but a serious system crash during the filling/saving could capture some data. This will be opt-out in the next update.
0 -
This will be opt-out in the next update.
Excellent.
Thanks very much for your answers guys. :)
On a side note it'd be great if this feature could be added to the documentation.
0
