Corporate network with enterprise root certificates

What would the security implications be of using iPassword X (in Chrome) in an environment where an enterprise has installed enterprise root certificates that are used to decrypt SSL traffic as it crosses from the intranet to the public internet? Would the enterprise be able to intercept a 1P master password? What about passwords and other data stored in or accessed from the 1Password online vault?

(For the moment I'm just talking about network traffic inspection and not surveillance on the host laptop itself, which I realize would be another critical vector.)


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hello @irxt3mhq,

    The Master Password is never transmitted, not even in the web interface. Crucial to ensuring the security of each individual is the Master Password is never transmitted by any client because we never want to possess that information, not even in some temporary fashion. I would need to confirm but if the communication could be intercepted I believe it would divulge the secret key and the encrypted blobs of data being returned by the server. The server only knows how to handle and deal with encrypted data and enough meta data to know who it belongs to.

    If the laptop was being monitored to the point of key logging then there's not much 1Password can do. Where possible we do use native password fields* but if somebody has root access to a machine there isn't much that they can't do.

    • In macOS use of a secure input field in 1Password for Mac sees the operating system disable any software listening to the keyboard, a good example being TextExpander. Nothing will stop a hardware key logger if it is plugged in between the keyboard and computer though.

    We also have a white paper on the topic of security. It's not light reading but if you're curious about details it definitely has a lot of those :smile: We're also here for any questions as well but as they become more specific it may require a particular person replies to ensure we get the details right.

  • irxt3mhq
    irxt3mhq
    Community Member

    This is helpful. Thanks!

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Happy I could help :)

This discussion has been closed.